- Securing Layer 2
- Port-Level Traffic Controls
- Private VLAN (PVLAN)
- Access Lists on Switches
- Spanning Tree Protocol Features
- Dynamic Host Configuration Protocol (DHCP) Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Advanced Integrated Security Features on High-End Catalyst Switches
- Control Plane Policing (CoPP) Feature
- CPU Rate Limiters
- Layer 2 Security Best Practices
- Summary
- References
Advanced Integrated Security Features on High-End Catalyst Switches
In addition to the features previously discussed, several integrated security features are available on high-end catalyst switches such as the Catalyst 6500 series and the Catalyst 7600 series switches. These features provide protection from excessive or unnecessary traffic and against various types of DoS attacks.
The Cisco Catalyst series switches offer a strong set of integrated security features, including the following: hardware- and software-based CPU rate limiters (for DoS protection), user-based rate limiting, hardware-based MAC learning, uRPF check in hardware, TCP intercept hardware acceleration, and most important, the Control Plane Policing (CoPP) feature. CoPP is also supported on all Cisco Integrated Services Routers (ISRs). One of the main advantages is that most of these integrated security features are based on hardware and can be enabled concurrently with no performance penalty.