MLS OPTIMIZATION AND SECURITY

  1. SPAN enables you to capture traffic on one or more ports, including VLANs (VSPAN), and redirect it to a port with a protocol analyzer or probe connected to it. Use the monitor session command to configure SPAN. RSPAN enables you to capture traffic on one switch, but redirect it to a port on another switch.

  2. Use the show module command to list installed modules and the session slot command to gain access to the NAM. The NAM can gather RMON statistics for the Catalyst switch it's installed in. The processing of traffic must be done by a remote RMON management station. The NAM has two logical ports: 0 is for the IP addressing information and 1 captures traffic.

  3. Use the enable secret command to secure Privileged EXEC access. Use the access-list and access-class commands to secure Telnet access. Use the aaa new-model command to enable AAA. 802.1x performs user authentication using AAA with RADIUS to authenticate users before the switch enables its port to the user's traffic. Layer 2 switches support three types of ACLs: Router ACLs, QoS ACLs, and VLAN ACLs.

  4. PVLANs provide Layer-2 isolation between devices within the same private VLAN, and have these advantages: they require fewer VLANs, fewer IP subnets, and fewer default gateway addresses, and they maintain VLAN integrity across trunks. There are three PVLAN port types: promiscuous, community, and isolated.



CCNP BCMSN Exam Cram 2 (Exam Cram 642-811)
ISBN: 0789729911
Year: 2003
Pages: 171
Authors: Richard Deal