1-40
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 1 Product Overview
Security Features
IPsec VPN
When a growing organization expands to multiple locations, one of the challenges it faces is how to
interconnect remote sites to the corporate network. As network security risks increase and regulatory
compliance becomes essential, it is important to address these critical needs.
You can dramatically increase the reach of your network without significantly expanding your
infrastructure by using Cisco IOS IPsec VPNs. IPsec is a standards-based encryption technology that
enables you to securely connect branch offices and remote users and provides significant cost savings
compared to traditional WAN access such as Frame Relay or ATM. IPsec VPNs provide high levels of
security through encryption and authentication, protecting data from unauthorized access.
For additional information, refer to the following URL:
http://www.cisco.com/en/US/products/ps6635/products_ios_protocol_group_home.html
Local Authentication, RADIUS, and TACACS+ Authentication
Local Authentication, Remote Authentication Dial-In User Service (RADIUS), and Terminal Access
Controller Access Control System Plus (TACACS+) authentication methods control access to the switch.
For additional information, refer to the following URL:
Network Admission Control
Network Admission Control consists of two features:
• NAC Layer 2 IP validation
NAC Layer 2 IP is an integral part of Cisco Network Admission Control. It offers the first line of
defense for infected hosts (PCs and other devices attached to a LAN port) attempting to connect to
the corporate network. NAC Layer 2 IP on the Catalyst 4500 series switch performs posture
validation at the Layer 2 edge of the network for non-802.1x-enabled host devices. Host device
posture validation includes antivirus state and OS patch levels. Depending on the corporate access
policy and host device posture, a host may be unconditionally admitted, admitted with restricted
access, or quarantined to prevent the spread of viruses across the network.
For more information on Layer 2 IP validation, see the URL:
• NAC Layer 2 802.1X authentication
The Catalyst 4500 series switch extends NAC support to 802.1x-enabled devices. Like NAC Layer
2 IP, the NAC Layer 2 802.1x feature determines the level of network access based on endpoint
information.
For more information on 802.1X identity-based network security, see