Filter
Top Products
Cisco EtherSwitch Service Modules Feature Guide
Information About the Cisco EtherSwitch Service Modules
9
Cisco IOS Release 12.2(25)SEC
• Voice VLAN for creating subnets for voice traffic from Cisco IP phones.
• VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1
to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The Cisco EtherSwitch service module CPU continues to send and receive
control protocol frames.
Security Features
Note The Kerberos feature listed in this section is available only on the cryptographic versions of the
Cisco EtherSwitch service module software image.
• Password-protected access (read-only and read-write access) to management interfaces for
protection against unauthorized configuration changes
• Multilevel security for a choice of security level, notification, and resulting actions
• Static MAC addressing for ensuring security
• Protected port option for restricting the forwarding of traffic to designated ports on the same
Cisco EtherSwitch service module
• Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
• Port security aging to set the aging time for secure addresses on a port
• BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
• Standard and extended IP access control lists (ACLs) for defining security policies in both directions
on routed interfaces (router ACLs) and VLANs and inbound on Layer 2 interfaces (port ACLs)
• Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces
• VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
information in the MAC, IP, and TCP/User Datagram Protocol (UDP) headers
• Source and destination MAC-based ACLs for filtering non-IP traffic
• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
• IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network
–
802.1x with VLAN assignment for restricting 802.1x-authenticated users to a specified VLAN
–
802.1x with port security for controlling access to 802.1x ports
–
802.1x with voice VLAN to permit IP phone access to the voice VLAN regardless of the
authorized or unauthorized state of the port
–
802.1x with guest VLAN to provide limited services to non-802.1x-compliant users
• TACACS+, a proprietary feature for managing network security through a TACACS server
• RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through authentication, authorization, and accounting (AAA) services