Cisco Catalyst 3560V2-24PS Datasheet page 5

IEEE 802.1x allows dynamic, port-based security, providing user authentication.
●
IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of
●
where the user is connected.
IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or
●
unauthorized state of the port.
IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC
●
addresses, including those of the client.
IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where
●
the user is connected.
IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the
●
guest VLAN.
IEEE 802.1x Supplicant on the switches can be used to authenticate switches onto the network, thereby
●
preventing unauthorized network devices from being used to expand the network.
IEEE 802.1x Readiness Check eases 802.1x deployment in an enterprise. This feature determines if the
●
client has an 802.1x supplicant by initiating an 802.1x ping.
Open 802.1x allows network communication to take place before an 802.1x authentication. This feature is
●
useful for PXE environments and other applications where network connectivity is required prior to 802.1x
authentication. An ACL is used to allow traffic prior to authentication.
Flexible Authentication or FlexAuth can be used to determine the order of authentication methods on the
●
network. For example, if the order is set to 802.1x, MAB, and WebAuth, the network will first try to
authenticate via 802.1x, then via MAB, and then via WebAuth.
Multi Authentication or MultiAuth enables up to 8 users to authenticate via the same switch port. This feature
●
includes support for multiple authentication methods, such as 802.1x, MAB, and WebAuth, and per-user
ACLs.
Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for
●
authentication.
Local Web Authentication is a key feature that allows non 802.1x users to authenticate via a login web page.
●
The user enters the authentication info, such as user id and password, and gets authenticated via a AAA
server.
Local Web Authentication Banner allows users to customize the authentication web page.
●
Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port while
●
placing them on appropriate Voice and Data VLAN.
MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get
●
authenticated using their MAC address.
Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within
●
VLANs.
Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces
●
for control- and data-plane traffic.
Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch
●
ports.
Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
●
Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not
●
already learned how to forward.
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Data Sheet
Page 5 of 20