Cisco Catalyst 3120 Software Manual page 55

Chapter 1 Overview
• VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
information in the MAC, IP, and TCP/UDP headers
• Source and destination MAC-based ACLs for filtering non-IP traffic
• IPv6 ACLs to be applied to interfaces to filter IPv6 traffic
• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
• IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP
snooping database and IP source bindings
• Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP
requests and responses to other ports in the same VLAN
• IEEE 802.1Q tunneling so that customers with users at remote sites across a service-provider
network can keep VLANs segregated from other customers and Layer 2 protocol tunneling to ensure
that the customer's network has complete STP, CDP, and VTP information about all users
• Layer 2 point-to-point tunneling to facilitate the automatic creation of EtherChannels
• Layer 2 protocol tunneling bypass feature to provide interoperability with third-party vendors
IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
•
access to the network. These features are supported:
–
–
–
–
–
–
–
–
–
MAC authentication bypass to authorize clients based on the client MAC address.
•
Network Admission Control (NAC) features:
•
–
–
OL-12247-01
Multidomain authentication (MDA) to allow both a data device and a voice device, such as an
IP phone (Cisco or non-Cisco), to independently authenticate on the same IEEE 802.1x-enabled
switch port
VLAN assignment for restricting IEEE 802.1x-authenticated users to a specified VLAN
Port security for controlling access to IEEE 802.1x ports
Voice VLAN to permit a Cisco IP Phone to access the voice VLAN regardless of the authorized
or unauthorized state of the port
IP phone detection enhancement to detect and recognize a Cisco IP phone
Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users
Restricted VLAN to provide limited services to users who are IEEE 802.1x compliant, but do
not have the credentials to authenticate via the standard IEEE 802.1x processes
IEEE 802.1x accounting to track network usage
IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt
of a specific Ethernet frame
NAC Layer 2 IEEE 802.1x validation of the antivirus condition or posture of endpoint systems
or clients before granting the devices network access.
For information about configuring NAC Layer 2 IEEE 802.1x validation, see the
NAC Layer 2 IEEE 802.1x Validation" section on page
NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the
devices network access.
For information about configuring NAC Layer 2 IP validation, see the Network Admission
Control Software Configuration Guide.
Cisco Catalyst Blade Switch 3120 for HP Software Configuration Guide
"Configuring
9-41.
Features
1-9