6
•
Unicast Reverse Path Forwarding (uRPF): is
defined by RFC 3704 and limits erroneous or
malicious traffic
•
Static IPv6 routing: provides simple, manually
configured IPv6 routing
•
Dual IP stack: maintains separate stacks for IPv4
and IPv6 to ease transition from an IPv4-only
network to an IPv6-only network design
•
Routing Information Protocol next
generation (RIPng): extends RIPv2 to support
IPv6 addressing
•
OSPFv3: provides OSPF support for IPv6
•
IS-IS for IPv6: extends IS-IS to support IPv6
addressing
•
BGP+: extends BGP-4 to support Multiprotocol BGP
(MBGP), including support for IPv6 addressing
•
IPv6 tunneling: is an important element for the
transition from IPv4 to IPv6; allows IPv6 packets to
traverse IPv4-only networks by encapsulating the
IPv6 packet into a standard IPv4 packet; supports
manually configured, 6to4, and Intra-Site Automatic
Tunnel Addressing Protocol (ISATAP) tunnels
•
Multiprotocol Label Switching (MPLS): uses
BGP to advertise routes across Label Switched Paths
(LSPs), but uses simple labels to forward packets
from any Layer 2 or Layer 3 protocol, thus reducing
complexity and increasing performance; supports
graceful restart for reduced failure impact; supports
LSP tunneling and multilevel stacks
•
Multiprotocol Label Switching (MPLS) Layer
3 VPN: allows Layer 3 VPNs across a provider
network; uses MP-BGP to establish private routes for
increased security; supports RFC 2547bis multiple
autonomous system VPNs for added flexibility
•
Multiprotocol Label Switching (MPLS) Layer
2 VPN: establishes simple Layer 2 point-to-point
VPNs across a provider network using only MPLS
Label Distribution Protocol (LDP); requires no routing
and therefore decreases complexity, increases
performance, and allows VPNs of non-routable
protocols; uses no routing information for increased
security; supports Circuit Cross Connect (CCC),
Static Virtual Circuits (SVCs), Martini draft, and
Kompella-draft technologies
•
Virtual Private LAN Service (VPLS):
establishes point-to-multipoint Layer 2 VPNs across a
provider network
•
Service loopback: allows any module to take
advantage of higher featured modules, including
OAA modules by redirecting traffic; reduces
investment and enables higher bandwidth and load
sharing; supports IPv6, IPv6 multicast, tunneling, and
MPLS
Security
•
Access control list (ACL): supports powerful
ACLs for both IPv4 and IPv6; ACLs are used for
filtering traffic to prevent unauthorized users from
accessing the network, or for controlling network
traffic to save resources; rules can either deny or
permit traffic to be forwarded; rules can be based
on a Layer 2 header or a Layer 3 protocol header;
rules can be set to operate on specific dates or times
•
RADIUS: eases switch security access
administration by using a password authentication
server
•
TACACS+: is an authentication tool using TCP with
encryption of the full authentication request that
provides additional security
•
Switch management logon security: can
require either RADIUS or TACACS+ authentication
for secure switch CLI logon
•
Secure Shell (SSHv2): uses external servers to
securely log in to a remote device; with
authentication and encryption, it protects against IP
spoofing and plain-text password interception;
increases the security of Secure FTP (SFTP) transfers
•
DHCP snooping: ensures DHCP clients receive IP
addresses from authorized DHCP servers and
maintains a list of DHCP entries for trusted ports;
prevents users from receiving fake IP addresses and
reduces ARP attacks, improving security
•
IP source guard: filters packets on a per-port
basis to prevent illegal packets from being
forwarded
•
ARP attack protection: protects from attacks
using a large number of ARP requests by using a
host-specific, user-selectable threshold
•
Port security: allows access only to specified
MAC addresses, which can be learned or specified
by the administrator
•
IEEE 802.1X: provides port-based user
authentication with support for Extensible
Authentication Protocol (EAP) MD5, TLS, TTLS, and
PEAP with choice of AES, TKIP, and static or
dynamic WEP encryption for protecting wireless
traffic between authenticated clients and the access
point
To Next Page
Loading...
Need help?
General
