User Guide for Cisco Security Manager 4.4
OL-28826-01

CHAPTER 65
Managing Cisco Catalyst Switches and Cisco 7600 Series Routers
Cisco Security Manager supports the management and configuration of security services and other
platform-specific services on Cisco Catalyst switches and Cisco 7600 Series routers.
You can manage Catalyst switches and 7600 devices configured in VTP transparent or VTP client/server
mode. Security Manager manages switches configured in client/server mode by bypassing VLAN
database management on the device (including VLAN creation, deletion, and monitoring VLANs in the
VLAN database on switches).
This chapter contains the following topics:
Discovering Policies on Cisco Catalyst Switches and Cisco 7600 Series Routers
Viewing Catalyst Summary Information
Viewing a Summary of Catalyst Interfaces, VLANs, and VLAN Groups
Interfaces
VLANs
VLAN Groups
VLAN ACLs (VACLs)
IDSM Settings

Discovering Policies on Cisco Catalyst Switches and Cisco 7600 Series Routers

You can discover the configurations of your Cisco Catalyst switches and Cisco 7600 Series Routers (as
well as the configurations of the services modules and security contexts associated with them) and
import the configurations as policies into Security Manager. This makes it possible to add existing
devices and manage them with Security Manager without having to configure each device manually,
policy by policy. For more information, see Adding Devices to the Device Inventory, page 3-6.
You can discover any command that Security Manager can configure. Discovery ignores unsupported
commands, which means that they are left intact on the device even after subsequent deployments.
Additionally, in cases where Security Manager can discover the command, but not all the subcommands
and keywords related to that command, the unsupported elements are ignored and left intact on the
device.
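
Because ignored commands stay on the device but never appear as policies, it helps to list them after discovery. The following is an added example, not part of the Cisco guide or of Security Manager: it splits an IOS-style configuration into parent commands and subcommands and reports both cases described above. The prefix sets and the sample configuration are constructed for illustration and are not Security Manager's actual list of supported commands.

```python
# Added example. MANAGED_TOP / MANAGED_SUB are hypothetical prefix sets,
# not Security Manager's real support matrix.
MANAGED_TOP = ("interface ", "vlan ")                      # assumed discoverable parent commands
MANAGED_SUB = ("switchport ", "description ", "name ")     # assumed discoverable subcommands

# Constructed IOS-style running-config excerpt.
SAMPLE_CONFIG = """\
hostname cat6k-lab
!
vlan 10
 name USERS
!
interface GigabitEthernet1/1
 description uplink
 switchport mode trunk
 storm-control broadcast level 5.00
!
snmp-server community EXAMPLE ro
"""

def parse_blocks(text):
    """Group config lines into (parent, [subcommands]) using leading-space indentation."""
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def unmanaged_lines(text, top=MANAGED_TOP, sub=MANAGED_SUB):
    """Return the lines that fall outside the given prefix sets, i.e. outside policy."""
    ignored = []
    for parent, children in parse_blocks(text):
        if not parent.startswith(top):
            # Case 1: whole command unsupported, so it and its subcommands stay unmanaged.
            ignored.append(parent)
            ignored.extend(f"{parent} / {c}" for c in children)
            continue
        # Case 2: parent supported, only the unsupported subcommands are skipped.
        ignored.extend(f"{parent} / {c}" for c in children if not c.startswith(sub))
    return ignored

if __name__ == "__main__":
    for entry in unmanaged_lines(SAMPLE_CONFIG):
        print("not under policy:", entry)
```

Lines reported this way need a separate review and change-control path, since later deployments will neither remove nor report them.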