Справочник Пользователя для Cisco Catalyst 4948 IOS Enhanced L3 3DES (OSPF, EIGRP, IS-IS, BGP) S49L3EK9-12225EWA=
Модели
S49L3EK9-12225EWA=
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 2 of 5
•
Robust Security
–
Prevention of man-in-the-middle and IP-spoofing attacks
–
Access control lists (ACL)
–
Secure Shell (SSH) Protocol versions 1 and 2
–
Simple Network Management Protocol Version 3 (SNMPv3) for secure remote access and network management
•
Comprehensive management
–
Dedicated 10/100 console port and dedicated 10/100 management port
–
Remote in-band management through SNMP
CISCO IOS SOFTWARE RELEASE 12.2(25)EWA SUPPORT
New Software Features
Per-Port, Per-VLAN Quality of Service
Per-port, per-VLAN quality of service (QoS) offers differentiated quality of services to individual VLANs on a trunk or access port. It allows service
providers to rate-limit individual VLAN-based services on each trunk port to a business or a residence. Per-port, per-VLAN service policy can be
separately applied to either ingress or egress traffic.
Trunk-Port Security
Trunk-port security extends the port security to trunk ports on a per-VLAN basis. It restricts the allowed MAC addresses or the maximum number of
MAC addresses to individual VLANs on a trunk port. Trunk-port security helps service providers to block the access from a station with a different
MAC address than the ones specified for that VLAN on that trunk port. When a trunk-port security violation occurs, the trunk port is either shut
down, or an SNMP trap is generated. Trunk-port security is also supported on private VLAN trunk ports.
802.1x Private VLAN Assignment
The 802.1x private VLAN (PVLAN) assignment feature extends 802.1x VLAN assignment to the PVLAN environment for Layer 2 isolation. When
a port is configured as a PVLAN host port, 802.1x PVLAN assignment authorizes a user to a specified secondary PVLAN. This feature can not be
enabled concurrently on a port with a voice VLAN.
802.1x Private Guest VLAN
The 802.1x private guest VLAN feature extends 802.1x guest VLAN to the PVLAN environment for Layer 2 isolation. When a port is configured
as a PVLAN host port, 802.1x private guest VLAN offers limited network access through a guest secondary PVLAN to users without a 802.1x
supplicant.
802.1x RADIUS-Supplied Session Timeout
The 802.1x RADIUS-supplied timeout feature allows a switch to determine the duration of a session and the action to take when the session’s timer
expires. Based on the value specified by a RADIUS server, a Cisco Catalyst 4500 Series Switch can reauthenticate a host when the timer expires.
This offers a standard mechanism for periodic 802.1x reauthentication based on a configurable timer.
Dynamic Host Configuration Protocol Option 82 Pass Through
Option 82 in a Dynamic Host Configuration Protocol (DHCP) message is typically used to carry additional local information for user-access
tracking. Option 82 is usually inserted or removed by an access switch or a DSL access multiplexer (DSLAM) in service provider environment.
The DHCP option 82 pass-through feature helps enable the Cisco Catalyst 4900 Series to effectively transport these DHCP messages with option
82 in the aggregation layer. It can be activated through switch global configuration.