Cisco Catalyst 2975 Software Configuration Manual page 50

IOS Release 12.2(55)SE

Features
- TACACS+, a proprietary feature for managing network security through a TACACS server
- RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users through authentication, authorization, and accounting (AAA) services
- Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and message integrity and HTTP client authentication to allow secure HTTP communications (requires the cryptographic version of the software)
- IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute
- Support for IP source guard on static hosts.
- RADIUS Change of Authorization (CoA) to change the attributes of a certain session after it is authenticated. When there is a change in policy for a user or user group in AAA, administrators can send the RADIUS CoA packets from the AAA server, such as Cisco Secure ACS, to reinitialize authentication and apply the new policies.
- IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to improve scalability of the network by load balancing users across different VLANs. Authorized users are assigned to the least populated VLAN in the group, assigned by the RADIUS server.
- Support for critical VLAN with multiple-host authentication so that when a port is configured for multi-auth, and an AAA server becomes unreachable, the port is placed in a critical VLAN in order to still permit access to critical resources.
- Customizable web authentication enhancement to allow the creation of user-defined login, success, failure and expire web pages for local web authentication.
- Support for Network Edge Access Topology (NEAT) to change the port host mode and to apply a standard port configuration on the authenticator switch port.
- VLAN-ID based MAC authentication to use the combined VLAN and MAC address information for user authentication to prevent network access from unauthorized VLANs.
- Voice aware 802.1x security to apply traffic violation actions only on the VLAN on which a security violation occurs.
- MAC authentication bypass to authorize clients based on the client MAC address.
- Network Admission Control (NAC) Layer 2 802.1x validation of the antivirus condition or posture of endpoint systems or clients before granting the devices network access.
  For information about configuring NAC Layer 2 802.1x validation, see the "Configuring NAC Layer 2 802.1x Validation" section on page 10-59.
- Network Edge Access Topology (NEAT) with 802.1X switch supplicant, host authorization with CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant to another switch.
- IEEE 802.1x with open access to allow a host to access the network before being authenticated.
- IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL downloads from a Cisco Secure ACS server to an authenticated switch.
- Support for dynamic creation or attachment of an auth-default ACL on a port that has no configured static ACLs.
- Flexible-authentication sequencing to configure the order of the authentication methods that a port tries when authenticating a new host.
- Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled port.

Catalyst 2975 Switch Software Configuration Guide, OL-19720-02, Chapter 1: Overview, page 1-10
