X Identity-Based Network Security - Cisco Catalyst 4500 series Administration Manual

Security Features
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•

802.1X Identity-Based Network Security

This security feature consists of the following:
•
•
•
•
•
•
•
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
1-34
Dynamic ARP Inspection, page 1-37
Dynamic Host Configuration Protocol Snooping, page 1-37
Flood Blocking, page 1-37
Hardware-Based Control Plane Policing, page 1-37
IP Source Guard, page 1-38
IP Source Guard for Static Hosts, page 1-38
IPsec VPN, page 1-40
IPv6 First Hop Security, page 1-38
Local Authentication, RADIUS, and TACACS+ Authentication, page 1-40
Network Admission Control, page 1-40
Network Security with ACLs, page 1-41
Port Security, page 1-41
PPPoE Intermediate Agent, page 1-41
Session Aware Networking, page 1-42
Storm Control, page 1-42
uRPF Strict Mode, page 1-42
Utilities, page 1-43
Web-based Authentication, page 1-43
802.1X Authentication for Guest VLANs—Allows you to use VLAN assignment to limit network
access for certain users.
802.1X Authentication Failed Open Assignment—Allows you to configure a switch to handle the
case when a device fails to authenticate itself correctly through 802.1X (for example, not providing
the correct password).
802.1X Authentication with ACL Assignment—Downloads per-host policies such as ACLs and
redirect URLs to the switch from the RADIUS server during 802.1X or MAB authentication of the
host.
802.1X Authentication with Per-User ACL and Filter-ID ACL—Allows ACL policy enforcement
using a third-party AAA server.
802.1X Convergence—Provides consistency between the switching business units in 802.1X
configuration and implementation.
802.1X Protocol—Provides a means for a host that is connected to a switch port to be authenticated
before it is given access to the switch services.
802.1X RADIUS accounting—Allows you to track the use of network devices.
Chapter 1 Product Overview
OL-30933-01