IBM 3110X User Guide - Page 6

z Password-protected access (read-only and write-only access) to management interfaces (the device manager and CLI) for protection against unauthorized configuration changes. z Port security option for limiting and identifying MAC addresses of the station allowed to access the port. z Port security aging to set the aging time for secure addresses on a port. z Multilevel security for a choice of security level, notification, and resulting actions. z MAC-based port-level security for restricting the use of a switch port to a specific group of source addresses and preventing switch access from unauthorized stations. z MAC-based access control lists (ACLs). z Standard and extended IP access control lists (ACLs) for defining security policies on Layer 3 (router ACLs) and Layer 2 (port ACLs) interfaces. z Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for managing network security through a TACACS server. z RADIUS for verifying the identity of, granting access to, and tracking activities of remote users. z IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining access to the network. z IEEE 802.1X port-based authentication with VLAN assignment for restricting 802.1X-authenticated users to a specified VLAN. z IEEE 802.1X port-based authentication with port security for authenticating the port and managing network access for all MAC addresses, including that of the client. z IEEE 802.1X port-based authentication with voice VLAN to allow an IP phone access to the voice VLAN irrespective of the authorized or unauthorized state of the port. z IEEE 802.1X port-based authentication with guest VLAN to provided limited services to non-802.1X-compliant users. z IEEE 802.1X accounting to track network usage. z Quality of Service (QoS) and Class of Service (CoS) z Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying traffic and configuring egress queues. z Cross-stack QoS for configuring QoS features to all switches in a switch stack rather than on an individual-switch basis. z Classification z IP Type of Service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS marking priorities on a per-port basis for protecting the performance of mission-critical applications. z IP ToS/DSCP and IEEE 802.1p CoS marking for flow-based packet classification (classification based on information in the MAC, IP, and TCP/UDP headers) for high-performance QoS at the network edge, allowing for differentiated service levels for different types of network traffic and prioritizing mission-critical traffic in the network. z Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port bordering another QoS domain. z Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value received, and ensuring port security. Cisco Catalyst Switch Modules 3110G and 3110X for IBM BladeCenter 6