• TACACS+ and RADIUS, which help enable centralized control of the switch and restrict unauthorized users from altering the configuration
• Standard and extended ACLs on all ports
• IEEE 802. 1x user authentication (with VLAN assignment, voice VLAN, port security, guest VLAN, private guest VLAN, private VLAN, and RADIUS-supplied session timeout extensions)
• IEEE 802.1x accounting
• IEEE 802. 1x authentication failure
• IEEE 802. 1x private VLAN assignment
• IEEE 802. 1x private guest VLAN
• IEEE 802. 1x RADIUS-supplied timeout
• IEEE 802.1x MAC authentication bypass
• IEEE 802.1x inaccessible authentication bypass
• Cisco Network Admission Control (NAC) Layer 2 IEEE 802.1x
• Cisco NAC Layer 2 IP
• Cisco NAC Layer 2 IP inaccessible authentication bypass
• Trusted boundary
• RACLs on all ports (no performance penalty)
• VACLs
• PACLs
• PVLANs on access and trunk ports
• VTPv3
• DHCP snooping
• DHCP Option 82
• DHCP Option 82 insertion
• DHCP Option 82 pass-through
• Port security
• Port security for PVLAN ports
• Sticky port security
• Secure Shell (SSH) Protocol Versions 1 and 2
• VLAN Management Policy Server (VMPS) client
• Unicast MAC address filtering
• Unicast port flood blocking
• Dynamic Address Resolution Protocol (ARP) inspection
• IP Source Guard
• Community PVLANs
• Trunk port security
• IEEE 802.1x inaccessible authentication bypass
• MAC authentication bypass
• Control plane policing
• IEEE 802.1x unidirectional controlled port
• Voice VLAN sticky port security
• Secure Copy Protocol (SCP)
• Cisco EtherChannel trunk port security |