Once you have secured your switch, you are now ready to configure it to enforce your organization's security policy. Cisco Catalyst switches provide the security features aimed at securing network access found in Table 8-4.
Table 8-4. Cisco Catalyst Switch Security Features Aimed at Securing Network Access
Feature
Description
Port security
Binds a specific MAC address or group of addresses to a particular switch port. Configured on a per-port basis and disables the port if an unauthorized MAC address is seen.
VLAN membership policy server
Uses a central database to bind a MAC address to a specific VLAN. This awkward technology has many restrictions and does not enjoy widespread success.
802.1x
Based on the Extensible Authentication Protocol (EAP), 802.1x provides user-level authentication of devices wanting to connect to the network. RADIUS is used to authenticate users against a centrally managed user database.