bpdu protection, none 1-8SSH, disabled 1-4,6-2

SSL, disabled 1-5,7-2

TACACS+

authentication configuration … 4-9authentication, disabled 1-5,4-2login attempts, 3 4-6tacacs-server-timeout, 5 seconds 4-23

TCP port number for SSH connections,

226-18

TCP port number for SSL connections,

4437-19

Telnet access, enabled 1-4traffic filters, none 9-2traffic/security filters, none 1-7UDP destination port for accounting,

1813 5-7

UDP destination port for authentication, 1812 5-7

user authentication, disabled 6-2virus throttling, none 1-8

Web and MAC authentication … 3-3–3-54Web authentication, disabled 1-6Web-browser access, enabled 1-4

denial-of-service

avoid attacks using DHCP snooping … 8-4 monitoring system resources … 8-33

DES 7-3

DHCP Option 82

IP-to-MAC binding database … 8-20,8-28

DHCP protection

See DHCP snooping. DHCP snooping 8-4

authorized server … 8-5 binding database … 8-12 changing remote-id8-11

configuring authorized server address … 8-9 database … 8-5

denial-of-service attack … 8-4 DHCPACK … 8-5 DHCPDECLINE … 8-5 DHCPNACK … 8-5 DHCPOFFER … 8-5 DHCPRELEASE … 8-5 disable MAC check … 8-11 disabling … 8-5

dropping packets … 8-5 enabling … 8-5

debug logging … 8-13 on trusted ports … 8-8 on VLANs … 8-6,8-7

IP-to-MAC binding database … 8-20,8-28 log messages … 8-14

Option 82 … 8-9 option parameter … 8-6remote-id8-10

show configuration … 8-6 stats … 8-6

trust … 8-6untrusted-policy8-10 verify … 8-6

documentation

feature matrix … -xviii latest versions … -xvii

printed in-box publication … -xvii release notes … -xvii

duplicate IP address

effect on authorized IP managers … 12-13

dynamic ARP protection

additional validation checks on ARP packets … 8-21

ARP packet debugging … 8-23 displaying ARP statistics … 8-22 enabling … 8-16

IP-to-MAC binding, adding to DHCP database … 8-20,8-28

trusted ports, configuring … 8-18 verifying configuration … 8-21

Dynamic Configuration Arbiter (DCA)

applying settings to non-authenticated clients … 1-18

hierarchy of precedence in authentication sessions … 1-19

overview … 1-17

dynamic IP lockdown

debugging … 8-31

DHCP binding database … 8-25 DHCP leases … 8-25

DHCP snooping … 8-24 enabling … 8-26

filtering IP addresses … 8-25 overview … 8-23 spoofing protection … 8-24 verifying configuration … 8-29 VLAN binding … 8-25

Index – 5