Chapter 1
Overview
•
•
•
QoS and CoS Features
•
•
OL-13018-03
802.1x accounting to track network usage
–
802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
–
specific Ethernet frame
802.1x readiness check to determine the readiness of connected end hosts before configuring
–
IEEE 802.1x on the switch
–
Voice aware 802.1x security to apply traffic violation actions only on the VLAN on which a
security violation occurs.
MAC authentication bypass to authorize clients based on the client MAC address.
–
–
Network Admission Control (NAC) Layer 2 802.1x validation of the antivirus condition or
posture of endpoint systems or clients before granting the devices network access.
For information about configuring NAC Layer 2 802.1x validation, see the
Layer 2 802.1x Validation" section on page
Network Edge Access Topology (NEAT) with 802.1X switch supplicant, host authorization
–
with CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant
to another switch.
IEEE 802.1x with open access to allow a host to access the network before being authenticated.
–
IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL
–
downloads from a Cisco Secure ACS server to an authenticated switch.
Flexible-authentication sequencing to configure the order of the authentication methods that a
–
port tries when authenticating a new host.
Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled
–
port.
TACACS+, a proprietary feature for managing network security through a TACACS server
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through authentication, authorization, and accounting (AAA) services
Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,
and message integrity and HTTP client authentication to allow secure HTTP communications
(requires the cryptographic version of the software)
Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues
Classification
IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS
–
marking priorities on a per-port basis for protecting the performance of mission-critical
applications
IP ToS/DSCP and IEEE 802.1p CoS marking based on flow-based packet classification
–
(classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service
levels for different types of network traffic and for prioritizing mission-critical traffic in the
network
Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port
–
bordering another QoS domain
12-49.
Cisco IE 3000 Switch Software Configuration Guide
Features
"Configuring NAC
1-9