Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

1-10

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 1 Overview

Features

• Support for VTP version 3 that includes support for configuring extended range VLANs (VLANs

1006 to 4094) in any VTP mode, enhanced authentication (hidden or secret passwords), propagation

of other databases in addition to VTP, VTP primary and secondary servers, and the option to turn

VTP on or off by port

Security Features

• IP Service Level Agreements (IP SLAs) responder support that allows the switch to be a target

device for IP SLAs active traffic monitoring

Note To use IP SLAs, the switch must be running the LAN Base image.

• Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to

be authenticated using a web browser

Note To use Web Authentication, the switch must be running the LAN Base image.

• Local web authentication banner so that a custom banner or an image file can be displayed at a web

authentication login screen

• IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute

Note To use this feature, the switch must be running the LAN Base image.

• Password-protected access (read-only and read-write access) to management interfaces (device

manager, Network Assistant, and the CLI) for protection against unauthorized configuration

changes

• Multilevel security for a choice of security level, notification, and resulting actions

• Static MAC addressing for ensuring security

• Protected port option for restricting the forwarding of traffic to designated ports on the same switch

• Port security option for limiting and identifying MAC addresses of the stations allowed to access

the port

• VLAN aware port security option to shut down the VLAN on the port when a violation occurs,

instead of shutting down the entire port.

• Port security aging to set the aging time for secure addresses on a port

• BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs

• Standard and extended IP access control lists (ACLs) for defining inbound security policies on

Layer 2 interfaces (port ACLs)

• Extended MAC access control lists for defining security policies in the inbound direction on Layer 2

interfaces

• Source and destination MAC-based ACLs for filtering non-IP traffic

• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers

• IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP

snooping database and IP source bindings

previous next