C H A P T E R
2
Security Features Overview
•
Security Features Overview, page 13
Security Features Overview
The switch supports a LAN base image or a LAN lite image with a reduced feature set, depending on switch
hardware. The security features are as follows:
•
FIPS Certification
Cisco IOS XE Release 15.0(2)XE on the Catalyst 2960-X switch has been submitted for certification
under FIPS 140-2 and Common Criteria compliance with the US Government, Security Requirements
for Network Devices.
FIPS 140-2 is a cryptographic-focused certification, required by many government and enterprise
customers, which ensures the compliance of the encryption and decryption operations performed by the
switch to the approved FIPS cryptographic strengths and management methods for safeguarding these
operations.
•
IPv6 First Hop Security
—
A suite of security features to be applied at the first hop switch to protect
against vulnerabilities inherent in IPv6 networks. These include, Binding Integrity Guard (Binding
Table), Router Advertisement Guard (RA Guard), DHCP Guard, IPv6 Neighbor Discovery Inspection
(ND Guard).
•
Web Authentication
—
Allows a supplicant (client) that does not support IEEE 802.1x functionality to
be authenticated using a web browser.
To use Web Authentication, the switch must be running the LAN Base image.
Note
•
Local Web Authentication Banner
—
A custom banner or an image file displayed at a web authentication
login screen.
•
IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01
13