Security Features Overview - Cisco Catalyst 2960 series Configuration Manual

Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs Also See for Catalyst 2960 series:
Table of Contents

Advertisement

Security Features Overview

Security Features Overview
The switch supports a LAN base image or a LAN lite image with a reduced feature set, depending on switch
hardware. The security features are as follows:
• IPv6 First Hop Security—A suite of security features to be applied at the first hop switch to protect
• Web Authentication—Allows a supplicant (client) that does not support IEEE 802.1x functionality to
• Local Web Authentication Banner—A custom banner or an image file displayed at a web authentication
• IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute
• Password-protected access (read-only and read-write access) to management interfaces (device manager,
• Multilevel security for a choice of security level, notification, and resulting actions
• Static MAC addressing for ensuring security
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Port security option for limiting and identifying MAC addresses of the stations allowed to access the
• VLAN aware port security option to shut down the VLAN on the port when a violation occurs, instead
• Port security aging to set the aging time for secure addresses on a port.
• Protocol storm protection to control the rate of incoming protocol traffic to a switch by dropping packets
Security Features Overview, page 749
against vulnerabilities inherent in IPv6 networks. These include, Binding Integrity Guard (Binding
Table), Router Advertisement Guard (RA Guard), DHCP Guard, IPv6 Neighbor Discovery Inspection
(ND Guard), and IPv6 Source Guard.
This feature is not supported on LanLite images on Catalyst 2960-X Series Switches.
be authenticated using a web browser.
login screen.
Network Assistant, and the CLI) for protection against unauthorized configuration changes
port
of shutting down the entire port.
that exceed a specified ingress rate.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
32
C H A P T E R
749

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents