1-12
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 1 Product Overview
Security Features
Remote SPAN (RSPAN) is an extension of SPAN, where source ports and destination ports are
distributed across multiple switches, allowing remote monitoring of multiple switches across the
network. The traffic for each RSPAN session is carried over a user-specified RSPAN VLAN that is
dedicated for that RSPAN session on all participating switches.
For information on RSPAN, see Chapter 37, “Configuring SPAN and RSPAN.”
Security Features
The Catalyst 4500 series switch offers network management and control through the CLI or through
alternative access methods, such as SNMP. The switch software supports these security features:
802.1X Identity-Based Network Security, page 1-13
Dynamic ARP Inspection, page 1-13
Dynamic Host Configuration Protocol Snooping, page 1-13
Flood Blocking, page 1-13
IP Source Guard, page 1-14
Local Authentication, RADIUS, and TACACS+ Authentication, page 1-14
Network Security with ACLs, page 1-14
Port Security, page 1-14
Storm Control, page 1-15
Utilities, page 1-15

Network Admission Control (NAC)

NAC support consists of two features:
NAC Layer 2 IP Validation
NAC L2 IP is an integral part of Cisco Network Admission Control. It offers the first line of defense
for infected hosts (PCs and other devices attached to a LAN port) attempting to connect to the
corporate network. NAC L2 IP on the Cisco Catalyst 4500 Series performs posture validation at the
Layer 2 edge of the network for non-802.1x-enabled host devices. Host device posture validation
includes anti-virus state and OS patch levels. Depending on the corporate access policy and host
device posture, a host may be unconditionally admitted, admitted with restricted access, or
quarantined to prevent the spread of viruses across the network.
For more information on Layer 2 IP validation, see the URL:
http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_configuration_guide09186a00805764fd.html
NAC Layer 2 802.1X Authentication
The Cisco Catalyst 4500 Series extends NAC support to 802.1x-enabled devices. Like NAC L2 IP,
the NAC L2 802.1x feature determines the level of network access based on endpoint information.
For more information on 802.1X identity-based network security, see Chapter 29, “Understanding
and Configuring 802.1X Port-Based Authentication.”