1-9
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 1 Overview
Features
–
802.1x accounting to track network usage
–
802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
specific Ethernet frame
–
802.1x readiness check to determine the readiness of connected end hosts before configuring
IEEE 802.1x on the switch
–
Voice aware 802.1x security to apply traffic violation actions only on the VLAN on which a
security violation occurs.
–
MAC authentication bypass to authorize clients based on the client MAC address.
–
Network Admission Control (NAC) Layer 2 802.1x validation of the antivirus condition or
posture
of endpoint systems or clients before granting the devices network access.
For information about configuring NAC Layer 2 802.1x validation, see the
“Configuring NAC
Layer 2 802.1x Validation” section on page 12-49
.
–
Network Edge Access Topology (NEAT) with 802.1X switch supplicant, host authorization
with CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant
to another switch.
–
IEEE 802.1x with open access to allow a host to access the network before being authenticated.
–
IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL
downloads from a Cisco Secure ACS server to an authenticated switch.
–
Flexible-authentication sequencing to configure the order of the authentication methods that a
port tries when authenticating a new host.
–
Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled
port.
•
, a proprietary feature for managing network security through a TACACS server
•
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through authentication, authorization, and accounting (AAA) services
•
Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,
and message integrity and HTTP client authentication to allow secure HTTP communications
(requires the cryptographic version of the software)
QoS and CoS Features
•
Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues
•
Classification
–
IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS
marking priorities on a per-port basis for protecting the performance of mission-critical
applications
–
IP ToS/DSCP and IEEE 802.1p CoS marking based on flow-based packet classification
(classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service
levels for different types of network traffic and for prioritizing mission-critical traffic in the
network
–
Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port
bordering another QoS domain