Specifications
1-6
Catalyst 2970 Switch Software Configuration Guide
78-15462-03
Chapter 1 Overview
Features
• Multilevel security for a choice of security level, notification, and resulting actions
• Static MAC addressing for ensuring security
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
• Port security aging to set the aging time for secure addresses on a port
• BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
• Standard and extended IP access control lists (ACLs) for defining security policies in both directions
on VLANs and inbound on Layer 2 interfaces (port ACLs)
• Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces
• VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
information in the MAC, IP, and TCP/User Datagram Protocol (UDP) headers
• Source and destination MAC-based ACLs for filtering non-IP traffic
• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
• IEEE 802.1X port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network
– 802.1X with VLAN assignment for restricting 802.1X-authenticated users to a specified VLAN
– 802.1X with port security for controlling access to 802.1X ports
– 802.1X with voice VLAN to permit an IP phone access to the voice VLAN regardless of the
authorized or unauthorized state of the port
– 802.1X with guest VLAN to provide limited services to non-802.1X-compliant users
• Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for
managing network security through a TACACS server
• Remote Authentication Dial-In User Service (RADIUS) for verifying the identity of, granting
access to, and tracking the actions of remote users through authentication, authorization, and
accounting (AAA) services
• Kerberos security system to authenticate requests for network resources by using a trusted third
party (requires the cryptographic [that is, supports encryption] version of the switch software image)
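The following configuration is an added example, not text from the Catalyst 2970 guide, that puts several of the Layer 2 security features listed above on one switch: port security with inactivity aging, BPDU guard on Port Fast ports, DHCP snooping with a single trusted uplink, a port ACL applied inbound on a Layer 2 interface, 802.1X with voice and guest VLANs, and protected ports. The VLAN numbers, the RADIUS server address 192.0.2.10 (documentation range), the shared secret, the management subnet in the ACL, and the interface numbers are placeholders chosen for illustration; the command syntax is that of the 12.1/12.2-era Catalyst IOS the guide covers, so check each command against the corresponding feature chapter for the image actually installed.

```cisco
! Added example (not from the guide). All addresses, VLAN IDs and
! interface numbers are placeholders chosen for illustration.
!
! --- Global AAA and 802.1X ---
aaa new-model
aaa authentication dot1x default group radius
! The authorization line is what lets the switch honour the VLAN that
! RADIUS returns for 802.1X VLAN assignment.
aaa authorization network default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key Example-Secret-1
dot1x system-auth-control
!
! --- DHCP snooping: every port in these VLANs is untrusted by default;
!     only the uplink toward the DHCP server is marked trusted below.
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
! --- Let ports shut down by BPDU guard or a port-security violation
!     recover automatically after the errdisable timer expires.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
!
! --- Port ACL (IP, inbound only on Layer 2 ports): keep user ports
!     away from the management subnet, permit everything else.
ip access-list extended USER-PORT-IN
 deny   ip any 10.99.0.0 0.0.0.255
 permit ip any any
!
! --- Uplink to the distribution switch and DHCP server ---
interface GigabitEthernet0/24
 description Uplink - the only port trusted for DHCP snooping
 switchport mode trunk
 ip dhcp snooping trust
!
! --- Wired user port: port security, aging, BPDU guard, port ACL ---
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security aging time 10
 switchport port-security aging type inactivity
 ip dhcp snooping limit rate 15
 ip access-group USER-PORT-IN in
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- 802.1X port with voice VLAN and guest VLAN ---
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 100
 dot1x port-control auto
 dot1x guest-vlan 30
 ip dhcp snooping limit rate 15
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- Protected ports: frames between two protected ports on this
!     switch are dropped; traffic to unprotected ports still forwards.
interface range GigabitEthernet0/3 - 4
 switchport mode access
 switchport access vlan 20
 switchport protected
 spanning-tree portfast
 spanning-tree bpduguard enable
end
```

Two caveats a practitioner should keep in mind. Protected ports only isolate hosts that are attached to protected ports on the same switch; anything reachable through the uplink, including hosts on another switch in the same VLAN, is unaffected. And `violation restrict` drops offending frames and raises a counter rather than error-disabling the port, so monitor it; `violation shutdown` is the stricter default. Verify the result with `show port-security interface GigabitEthernet0/1`, `show ip dhcp snooping`, `show dot1x interface GigabitEthernet0/2`, and `show errdisable recovery`.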
QoS and CoS Features
• Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues (voice over IP only)
• Classification
– IP type-of-service/Differentiated Services Code Point (IP TOS/DSCP) and 802.1P CoS marking
priorities on a per-port basis for protecting the performance of mission-critical applications
– IP TOS/DSCP and 802.1P CoS marking based on flow-based packet classification
(classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service
levels for different types of network traffic and for prioritizing mission-critical traffic in the
network
– Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port
bordering another QoS domain