Cisco Systems 3560X Manual De Usuario
1-12
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 1 Overview
Features
•
IEEE 802.1x readiness check to determine the readiness of connected end hosts before configuring
IEEE 802.1x on the switch
IEEE 802.1x on the switch
•
Support for IP source guard on static hosts
•
RADIUS Change of Authorization (CoA) to change the attributes of a certain session after it is
authenticated. When there is a change in policy for a user or user group in AAA, administrators can
send the RADIUS CoA packets from the AAA server, such as Cisco Secure ACS to reinitialize
authentication, and apply to the new policies
authenticated. When there is a change in policy for a user or user group in AAA, administrators can
send the RADIUS CoA packets from the AAA server, such as Cisco Secure ACS to reinitialize
authentication, and apply to the new policies
•
IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to
improve scalability of the network by load balancing users across different VLANs. Authorized
users are assigned to the least populated VLAN in the group, assigned by RADIUS server
improve scalability of the network by load balancing users across different VLANs. Authorized
users are assigned to the least populated VLAN in the group, assigned by RADIUS server
•
Support for critical VLAN with multiple-host authentication so that when a port is configured for
multi-auth, and an AAA server becomes unreachable, the port is placed in a critical VLAN in order
to still permit access to critical resources
multi-auth, and an AAA server becomes unreachable, the port is placed in a critical VLAN in order
to still permit access to critical resources
•
Customizable web authentication enhancement to allow the creation of user-defined login, success,
failure and expire web pages for local web authentication
failure and expire web pages for local web authentication
•
Support for Network Edge Access Topology (NEAT) to change the port host mode and to apply a
standard port configuration on the authenticator switch port
standard port configuration on the authenticator switch port
•
VLAN-ID based MAC authentication to use the combined VLAN and MAC address information for
user authentication to prevent network access from unauthorized VLANs
user authentication to prevent network access from unauthorized VLANs
•
MAC move to allow hosts (including the hosts connected behind an IP phone) to move across ports
within the same switch without any restrictions to enable mobility. With MAC move, the switch
treats the reappearance of the same MAC address on another port in the same way as a completely
new MAC address
within the same switch without any restrictions to enable mobility. With MAC move, the switch
treats the reappearance of the same MAC address on another port in the same way as a completely
new MAC address
•
Support for 3DES and AES with version 3 of the Simple Network Management Protocol (SNMPv3).
This release adds support for the 168-bit Triple Data Encryption Standard (3DES) and the 128-bit,
192-bit, and 256-bit Advanced Encryption Standard (AES) encryption algorithms to SNMPv3
This release adds support for the 168-bit Triple Data Encryption Standard (3DES) and the 128-bit,
192-bit, and 256-bit Advanced Encryption Standard (AES) encryption algorithms to SNMPv3
•
Support for the Security Group Tag (SCT) Exchange Protocol (SXP) component of Cisco TrustSec,
a security architecture using authentication, encryption, and access control (supported only on
switches running the IP base or IP services feature set).
a security architecture using authentication, encryption, and access control (supported only on
switches running the IP base or IP services feature set).
•
Support for IEEE 802.1AE Media Access Control Security (MACsec) to provide MAC-layer
encryption over wired networks using out-of-band methods for encryption keying. The MACsec Key
Agreement (MKA) protocol provides the session keys and manages encryption keys (supported only
on switches running the IP base or IP services feature set).
encryption over wired networks using out-of-band methods for encryption keying. The MACsec Key
Agreement (MKA) protocol provides the session keys and manages encryption keys (supported only
on switches running the IP base or IP services feature set).
QoS and CoS Features
•
Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues
traffic and configuring egress queues
•
Cross-stack QoS for configuring QoS features to all switches in a switch stack rather than on an
individual-switch basis (only Catalyst 3750-X switches)
individual-switch basis (only Catalyst 3750-X switches)