1-11
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 1 Overview
Features
– IP phone detection enhancement to detect and recognize a Cisco IP phone
– Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users
– Restricted VLAN to provide limited services to users who are IEEE 802.1x compliant, but do
not have the credentials to authenticate via the standard IEEE 802.1x processes
– IEEE 802.1x accounting to track network usage
– IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt
of a specific Ethernet frame
– Voice aware IEEE 802.1x security to apply traffic violation actions only on the VLAN on which
a security violation occurs
– Network Edge Access Topology (NEAT) with 802.1x switch supplicant, host authorization with
CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant to
another switch.
– IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL
downloads from a Cisco Secure ACS server to an authenticated switch.
– Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled
port.
• MAC authentication bypass to authorize clients based on the client MAC address.
• Voice aware IEEE 802.1x and MAC authentication bypass (MAB) security violation to shut down
only the data VLAN on a port when a security violation occurs
• Network Admission Control (NAC) features:
– NAC Layer 2 IEEE 802.1x validation of the antivirus condition or posture of endpoint systems
or clients before granting the devices network access.
For information about configuring NAC Layer 2 IEEE 802.1x validation, see the “Configuring
NAC Layer 2 IEEE 802.1x Validation” section on page 11-58.
– NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the
devices network access.
For information about configuring NAC Layer 2 IP validation, see the Network Admission
Control Software Configuration Guide.
– IEEE 802.1x inaccessible authentication bypass.
For information about configuring this feature, see the “Configuring the Inaccessible
Authentication Bypass Feature” section on page 11-53.
– Authentication, authorization, and accounting (AAA) down policy for a NAC Layer 2 IP
validation of a host if the AAA server is not available when the posture validation occurs.
For information about this feature, see the Network Admission Control Software Configuration
Guide.
• TACACS+, a proprietary feature for managing network security through a TACACS server
• RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through AAA services
• Kerberos security system to authenticate requests for network resources by using a trusted third
party
• Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,
and message integrity and HTTP client authentication to allow secure HTTP communications