Cisco Systems 3560 User Manual

Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 1: Overview
Features
  – Network Edge Access Topology (NEAT) with 802.1X switch supplicant, host authorization with CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant to another switch.
  – IEEE 802.1x with open access to allow a host to access the network before being authenticated.
  – IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL downloads from a Cisco Secure ACS server to an authenticated switch.
  – Flexible-authentication sequencing to configure the order of the authentication methods that a port tries when authenticating a new host.
  – Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled port.
  • Network Admission Control (NAC) features:
  – NAC Layer 2 802.1x validation of the antivirus condition or posture of endpoint systems or clients before granting the devices network access.
    For information about configuring NAC Layer 2 802.1x validation, see th
  – NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the devices network access.
    For information about configuring NAC Layer 2 IP validation, see the Network Admission Control Software Configuration Guide.
  – IEEE 802.1x inaccessible authentication bypass.
    For information about configuring this feature, see th.
  – Authentication, authorization, and accounting (AAA) down policy for a NAC Layer 2 IP validation of a host if the AAA server is not available when the posture validation occurs.
    For information about this feature, see the Network Admission Control Software Configuration Guide.
  • TACACS+, a proprietary feature for managing network security through a TACACS server
  • RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users through AAA services
  • Kerberos security system to authenticate requests for network resources by using a trusted third party (requires the cryptographic versions of the software (IP base and IP services images))
  • Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and message integrity and HTTP client authentication to allow secure HTTP communications (requires the cryptographic versions of the software (IP base and IP services images))
  • Voice-aware IEEE 802.1x and MAC authentication bypass (MAB) security violation to shut down only the data VLAN on a port when a security violation occurs