Navigation.....................................................................................................................................................235
Layer 1 examples..........................................................................................................................................235
Layer 2 examples..........................................................................................................................................238
Layer 3 examples..........................................................................................................................................242
DoS protection mechanisms.........................................................................................................................249
CP-Limit recommendations..................................................................................................................250
Damage prevention.......................................................................................................................................252
Packet spoofing....................................................................................................................................253
High Secure mode................................................................................................................................254
Spanning Tree BPDU filtering...............................................................................................................254
Security and redundancy..............................................................................................................................255
Data plane security.......................................................................................................................................255
EAP......................................................................................................................................................256
VLANs and traffic isolation...................................................................................................................257
DHCP snooping....................................................................................................................................258
IP Source Guard...................................................................................................................................260
Security at layer 2.................................................................................................................................260
Routing protocol security......................................................................................................................262
Control plane security...................................................................................................................................262
Management port.................................................................................................................................263
Management access control.................................................................................................................264
High Secure mode................................................................................................................................265
Security and access policies................................................................................................................265
RADIUS authentication.........................................................................................................................266
RADIUS over IPv6................................................................................................................................268
TACACS+.............................................................................................................................................268
SNMP header network address............................................................................................................270
SNMPv3 support..................................................................................................................................271
Other security equipment.....................................................................................................................271
For more information.....................................................................................................................................272
QoS mechanisms..........................................................................................................................................273
QoS and queues...................................................................................................................................276
QoS and filters......................................................................................................................................276
Policing and shaping............................................................................................................................278
Planning and Engineering - Network Design
November 2010
7