464
keywords (ACL rules), 249
LAN (ARP attack protection), 415
Layer 2
assignment of authorized ACLs, 120
authentication modes (portal), 117
Auth-Fail VLAN, 119
authorized VLAN, 119
configuring detection (ARP attack protection), 423
IP source guard configuration, 407, 410
IPv4 source guard dynamic binding by DHCP
relay configuration, 413
IPv4 source guard dynamic binding by DHCP
snooping configuration, 411
portal authentication process, 119
static IPv4 source guard binding entry
configuration, 410
Layer 3
AAA across MPLS L3VPNs, 10
ARP attack detection with DHCP snooping
configuration, 426
ARP attack protection restricted forwarding
configuration, 429
ARP detection with 802.1X support configuration,
428
authentication modes (portal), 117
configuring authorized ARP, 419
configuring online portal user detection, 135
configuring portal stateful failover, 132
enabling portal authentication, 128
implementing ACL-based IPsec, 248
IPsec configuration, 243, 248, 270
IPsec RRI, 247
packet filtering firewall, 345
portal authentication process, 120
portal stateful failover, 123
specifying portal server for authentication, 127
URPF configuration, 437, 438
link (portal stateful failover), 154
local user (AAA), 16
log export (session logging), 366
logging
configuring session log export, 366
configuring session logging, 365
enabling session logging, 365
logging off portal users, 138
setting session logging thresholds, 366
MAC
address.
See
MAC address
authentication.
See
MAC authentication
authorized VLAN, 119
enabling source MAC consistency check for
packet (ND attack defense), 436
IP source guard configuration, 407, 410
IPv4 source guard dynamic binding by DHCP
relay configuration, 413
IPv4 source guard dynamic binding by DHCP
snooping configuration, 411
learning control (port security mode), 174
port security autoLearn configuration, 183
port security configuration, 173, 183
port security userLoginWithOUI configuration, 185
static IPv4 source guard binding entry
configuration, 410
MAC address
cannot configure secure MAC addresses (port
security), 193
configuring ARP packet source consistency check,
418
configuring MAC authentication, 104, 106, 108
configuring NTK (port security), 179
configuring secure MAC addresses (port security),
181
controlling learning (port security), 175
port security macAddressElseUserLoginSecure
configuration, 190