Table of Contents
Advertisement
Features
•
•
•
•
•
•
•
•
•
Network Security
•
•
•
•
•
•
Quality of Service and Class of Service Features
•
•
•
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
1-6
Configuration file security so that only authenticated and authorized users have access to the
configuration file, preventing users from accessing the configuration file by using the password
recovery process
Multilevel security for a choice of security level, notification, and resulting actions
Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
Port security aging to set the aging time for secure addresses on a port
UNI default port state is disabled
Automatic control-plane protection to protect the CPU from accidental or malicious overload due to
Layer 2 control traffic on UNIs
TACACS+, a proprietary feature for managing network security through a TACACS server
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through authentication, authorization, and accounting (AAA) services
Kerberos security system to authenticate requests for network resources by using a trusted third
party (requires the cryptographic versions of the switch software)
Static MAC addressing for ensuring security
Standard and extended IP access control lists (ACLs) for defining security policies in both directions
on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)
Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces
VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
information in the MAC, IP, and TCP/UDP headers
Source and destination MAC-based ACLs for filtering non-IP traffic
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network. These features are supported:
VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
–
Port security for controlling access to IEEE 802.1x ports
–
–
IEEE 802.1x accounting to track network usage
Cisco modular quality of service (QoS) command-line (MQC) implementation
Classification based on IP precedence, Differentiated Services Code Point (DSCP), and IEEE
802.1p class of service (CoS) packet fields, ACL lookup, or assigning a QoS label for output
classification
Policing
–
One-rate policing based on average rate and burst rate for a policer
–
Two-color policing that allows different actions for packets that conform to or exceed the rate
–
Aggregate policing for policers shared by multiple traffic classes
Chapter 1
Overview
78-17058-01
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
