Advertisement
IP Source Guard prevents a malicious user from spoofing or taking over another user's IP address by
●
creating a binding table between the client's IP and MAC address, port, and VLAN.
Cisco TrustSec
TrustSec secures access to the network, enforces security policies, and delivers standard based security solutions
such as 802.1X enabling secure collaboration and policy compliance. TrustSec capabilities reflect Cisco thought
leadership, innovations, and commitment to customer success. These new capabilities include:
Flexible Authentication that supports multiple authentication mechanisms including 802.1X, MAC
●
Authentication Bypass and web authentication using a single, consistent configuration
Open Mode that creates a user friendly environment for 802.1X operations
●
Integration of Device Profiling Technology and Guest Access handling with Cisco switching to
●
significantly improve security while reducing deployment and operational challenges
RADIUS Change of Authorization and Downloadable Calls for comprehensive policy management
●
capabilities
802.1X Supplicant with Network Edge Access Transport (NEAT) enables extended secure access where
●
compact switches in the conference rooms have the same level of security as switches inside the locked
wiring closet
Other Advanced Security Features
Other Advanced Security features include but are not limited to:
Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users
●
cannot snoop on other users' traffic.
Multidomain Authentication allows an IP phone and a PC to authenticate on the same switch port while
●
placing them on appropriate voice and data VLAN.
Port-Based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
●
Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3
●
(SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions.
SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software
image because of U.S. export restrictions.
Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Intrusion Detection
●
System (IDS) to take action when an intruder is detected.
TACACS+ and RADIUS Authentication facilitates centralized control of the switch and restricts
●
unauthorized users from altering the configuration.
MAC Address Notification allows administrators to be notified of users added to or removed from the
●
network.
Multilevel Security on Console Access prevents unauthorized users from altering the switch configuration.
●
Bridge Protocol Data Unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when
●
BPDUs are received to avoid accidental topology loops.
Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator's control from
●
becoming Spanning Tree Protocol root nodes.
IGMP Filtering provides multicast authentication by filtering out nonsubscribers and limits the number of
●
concurrent multicast streams available per port.
© 2010 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Data Sheet
Page 9 of 28
Advertisement
