Cisco 3020 - Catalyst Blade Switch Configuration Manual page 42

Features
Port security option for limiting and identifying MAC addresses of the stations allowed to access
•
the port
Port security aging to set the aging time for secure addresses on a port
•
BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
•
Standard and extended IP access control lists (ACLs) for defining inbound security policies on Layer
•
2 interfaces (port ACLs)
Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
•
interfaces
VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
•
information in the MAC, IP, and TCP/UDP headers
Source and destination MAC-based ACLs for filtering non-IP traffic
•
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
•
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
•
access to the network. These features are supported:
–
–
–
–
–
–
–
• MAC authentication bypass to authorize clients based on the client MAC address.
TACACS+, a proprietary feature for managing network security through a TACACS server
•
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
•
through authentication, authorization, and accounting (AAA) services
Kerberos security system to authenticate requests for network resources by using a trusted third
•
party (requires the cryptographic version of the software
Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,
•
and message integrity and HTTP client authentication to allow secure HTTP communications
(requires the cryptographic version of the software)
Cisco Catalyst Blade Switch 3020 for HP Software Configuration Guide
1-6
VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
Port security for controlling access to IEEE 802.1x ports
Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized
or unauthorized state of the port
Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users
Restricted VLAN to provide limited services to users who are IEEE 802.1x compliant, but do
not have the credentials to authenticate via the standard IEEE 802.1x processes
IEEE 802.1x accounting to track network usage
IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt
of a specific Ethernet frame
Chapter 1 Overview
OL-8915-01