Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 1 Overview Features
- IP phone detection enhancement to detect and recognize a Cisco IP phone
- Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users
- Restricted VLAN to provide limited services to users who are IEEE 802.1x compliant, but do not have the credentials to authenticate via the standard IEEE 802.1x processes
- IEEE 802.1x accounting to track network usage
- IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a specific Ethernet frame
- Voice aware IEEE 802.1x security to apply traffic violation actions only on the VLAN on which a security violation occurs
- Network Edge Access Topology (NEAT) with 802.1x switch supplicant, host authorization with CISP, and auto enablement to authenticate a switch outside a wiring closet as a supplicant to another switch.
- IEEE 802.1x authentication with downloadable ACLs and redirect URLs to allow per-user ACL downloads from a Cisco Secure ACS server to an authenticated switch.
- Multiple-user authentication to allow more than one host to authenticate on an 802.1x-enabled port.
- MAC authentication bypass to authorize clients based on the client MAC address.
- Voice aware IEEE 802.1x and MAC authentication bypass (MAB) security violation to shut down only the data VLAN on a port when a security violation occurs
- Network Admission Control (NAC) features:
  - NAC Layer 2 IEEE 802.1x validation of the antivirus condition or posture of endpoint systems or clients before granting the devices network access.
    For information about configuring NAC Layer 2 IEEE 802.1x validation, see the “Configuring NAC Layer 2 IEEE 802.1x Validation” section on page 11-58.
  - NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the devices network access.
    For information about configuring NAC Layer 2 IP validation, see the Network Admission Control Software Configuration Guide.
  - IEEE 802.1x inaccessible authentication bypass.
    For information about configuring this feature, see the “Configuring the Inaccessible Authentication Bypass Feature” section on page 11-53.
  - Authentication, authorization, and accounting (AAA) down policy for a NAC Layer 2 IP validation of a host if the AAA server is not available when the posture validation occurs.
    For information about this feature, see the Network Admission Control Software Configuration Guide.
- TACACS+, a proprietary feature for managing network security through a TACACS server
- RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users through AAA services
- Kerberos security system to authenticate requests for network resources by using a trusted third party
- Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and message integrity and HTTP client authentication to allow secure HTTP communications