Cisco IOS Software for the Cisco Catalyst 4500 Series Supervisor Engine S4KL3K2-12119EW= User Manual

Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 3 of 9
bindings. Dynamic ARP Inspection helps prevent man-in-the-middle attacks by not relaying invalid ARP replies
out to other ports in the same VLAN. It is a solution that requires no change to end-user or host configurations. Denied
ARP packets are logged by the switch for auditing. Incoming ARP packets on trusted ports or isolated private
VLAN (PVLAN) trunks are not inspected.
IP Source Guard
IP source guard provides per-port IP traffic filtering of the assigned source IP addresses at wire speed. It is a unique
Cisco Catalyst 4500 Series IOS Software feature that helps mitigate IP spoofing. It dynamically maintains per-port
VLAN ACLs (VACLs) based on IP-to-MAC-to-switch-port bindings. The binding table is populated either by the
DHCP snooping feature or through static configuration of entries. IP source guard prevents a malicious host from
attacking the network by hijacking its neighbor's IP address. IP source guard is typically deployed on untrusted
switch ports in the access layer.
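The two checks described above (Dynamic ARP Inspection and IP source guard) both consult the same DHCP-snooping binding table, so a single model serves both sections. The following is an added, simplified simulation written for this page, not Cisco's implementation; the port names, VLAN number, MAC and IP addresses are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Binding:
    port: str
    vlan: int
    mac: str
    ip: str

@dataclass
class Switch:
    bindings: set = field(default_factory=set)       # binding table (IP-to-MAC-to-port)
    trusted_ports: set = field(default_factory=set)  # e.g. uplink toward the DHCP server
    log: list = field(default_factory=list)          # denied-ARP audit log

    def learn_dhcp(self, port, vlan, mac, ip):
        """Add a binding, as DHCP snooping (or a static entry) would."""
        self.bindings.add(Binding(port, vlan, mac, ip))

    def _bound(self, port, vlan, mac, ip):
        return Binding(port, vlan, mac, ip) in self.bindings

    def arp_inspect(self, port, vlan, sender_mac, sender_ip):
        """Dynamic ARP Inspection: trusted ports are not inspected; on untrusted
        ports the ARP sender MAC/IP pair must match a binding, otherwise the
        reply is not relayed and the denial is logged for auditing."""
        if port in self.trusted_ports:
            return True
        ok = self._bound(port, vlan, sender_mac, sender_ip)
        if not ok:
            self.log.append(f"DAI denied ARP {sender_ip}/{sender_mac} on {port} vlan {vlan}")
        return ok

    def ip_source_guard(self, port, vlan, src_mac, src_ip):
        """IP Source Guard: per-port source filter for data packets, using the
        same binding table, so a host cannot send with a neighbor's address."""
        return port in self.trusted_ports or self._bound(port, vlan, src_mac, src_ip)

def demo():
    """Constructed sample: two hosts on untrusted access ports, one trusted uplink."""
    sw = Switch(trusted_ports={"Gi1/1"})
    sw.learn_dhcp("Fa2/1", 10, "00:11:22:33:44:55", "10.0.0.5")
    sw.learn_dhcp("Fa2/2", 10, "00:11:22:33:44:66", "10.0.0.6")
    return (
        sw.arp_inspect("Fa2/1", 10, "00:11:22:33:44:55", "10.0.0.5"),      # own binding: relayed
        sw.arp_inspect("Fa2/2", 10, "00:11:22:33:44:66", "10.0.0.5"),      # neighbor's IP: denied, logged
        sw.ip_source_guard("Fa2/2", 10, "00:11:22:33:44:66", "10.0.0.5"),  # spoofed source: dropped
        sw.arp_inspect("Gi1/1", 10, "aa:bb:cc:dd:ee:ff", "10.0.0.1"),      # trusted port: not inspected
        len(sw.log),
    )
```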
802.1x with VLAN Assignment
The 802.1x with VLAN assignment feature authorizes a user for an associated VLAN. This is achieved by
maintaining a username-to-VLAN mapping database on the Remote Authentication Dial-In User Service (RADIUS)
server. Following successful 802.1x authentication, the RADIUS server sends the VLAN name to the switch for that
particular user, and the switch configures the authenticated port for the specified VLAN.
802.1x with Guest VLAN
When 802.1x is enabled on an access port, a user without an 802.1x client is typically denied access to the network.
The 802.1x with guest VLAN feature offers limited network access through a guest VLAN to those users. It is usually
deployed in a lobby or in customer briefing areas.
PACL
PACL (port ACL) is a security ACL feature applied to Layer 2 switch ports. PACL filters traffic to and from Layer 2 switch ports
with permit and deny actions, based on Layer 3 and 4 header information or non-IP Layer 2 information. By default,
PACL actions override VLAN-based ACLs. Both input and output PACLs are supported. PACLs can be configured
on physical ports and channel ports. PACLs are typically used to limit IP address use per customer on access ports,
by restricting a port to one IP address. PACLs can be deployed along with PVLANs to separate users from each other
on the same subnet.
Port Flood Blocking
By default, a switch floods packets with unknown destination MAC addresses to all Ethernet ports. In certain
configurations, such flooding is neither needed nor desired. For example, a port with only manually assigned addresses
or only one connected host has no unknown destinations, so flooding serves no purpose on such a port. Port flood
blocking allows a user to disable the flooding of unicast and multicast packets on a per-port basis.