Cisco Catalyst 3750 Software Configuration Manual page 43

Chapter 1 Overview
Layer 3 VPN Services
•
•
Security Features
The Kerberos feature listed in this section is available only on the cryptographic version of the switch
Note
software image.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
78-15870-01
Support for MPLS VPNs provides the capability to deploy and administer scalable Layer 3 VPN
services to business customers. Each VPN is associated with one or more VPN routing/forwarding
(VRF) instances that include routing and forwarding tables and rules that define the VPN
membership. (MPLS VPNs are supported only on ES ports.)
Multiple VPN multi-VRF instances in customer edge (CE) devices to allow service providers to
support multiple VPNs and to overlap IP addresses between VPNs.
Password-protected access (read-only and read-write access) to management interfaces for
protection against unauthorized configuration changes
Multilevel security for a choice of security level, notification, and resulting actions
Static MAC addressing for ensuring security
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
Port security aging to set the aging time for secure addresses on a port
BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
Standard and extended IP access control lists (ACLs) for defining security policies in both directions
on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)
Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces
VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
information in the MAC, IP, and TCP/User Datagram Protocol (UDP) headers
Source and destination MAC-based ACLs for filtering non-IP traffic
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network
TACACS+, a proprietary feature for managing network security through a TACACS server
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through authentication, authorization, and accounting (AAA) services
Kerberos security system to authenticate requests for network resources by using a trusted third
party (requires the cryptographic [that is, supports encryption] version of the switch software image)
Password recovery disable capability to protect access to switches at customer sites
Catalyst 3750 Metro Switch Software Configuration Guide
Features
1-5