Term

Definition
acts as an 802.1x authenticator
Term

Definition
The flow from the supplicant (the end-user device) to the switch transports the EAP message directly in an Ethernet frame with an encapsulation called EAP over LAN (EAPoL).
Term

Definition
The flow from the authenticator (switch) to the authentication server flows in an IP packet. In fact, it looks much like a normal message used by the RADIUS protocol (RFC 2865). The RADIUS protocol works as a UDP application, with an IP and UDP header
Term

Definition
■ IOS does login authentication for the console, vty, and aux port, by default, based on the setting of the aaa authentication login default global command.
■ The aaa authentication login default method1 method2… global command lists different authentication methods, including referencing a AAA group to be used (as shown at the bottom of Figure 6-5).
■ The methods include: a defined AAA group of AAA servers; local, meaning a locally configured list of usernames/passwords; or line, meaning to use the password defined by the password line subcommand.
Term

Definition
DHCP snooping on a switch acts like a firewall or an ACL in many ways. It will watch for incoming messages on either all ports or some ports (depending on the configuration). It will look for DHCP messages, ignoring all non-DHCP messages and allowing those through. For any DHCP messages, the switch's DHCP snooping logic will make a choice: allow the message or discard the message. To be clear, DHCP snooping is a Layer 2 switch feature, not a router feature. Specifically, any switch that performs Layer 2 switching, whether it does only Layer 2 switching or acts as a multilayer switch, typically supports DHCP snooping. DHCP snooping must be done on a device that sits between devices in the same VLAN, which is the role of a Layer 2 switch rather than a Layer 3 switch or router.
Term
Summarizing DHCP Snooping Features

Definition
Trusted ports: Trusted ports allow all incoming DHCP messages.
Untrusted ports, server messages: Untrusted ports discard all incoming messages that are considered server messages.
Untrusted ports, client messages: Untrusted ports apply more complex logic for messages considered client messages. They check whether each incoming DHCP message conflicts with existing DHCP binding table information and, if so, discard the DHCP message. If the message has no conflicts, the switch allows the message through, which typically results in the addition of new DHCP Binding Table entries.
Rate limiting: Optionally limits the number of received DHCP messages per second, per port.
From
Term
Switch Stacking of Access Layer Switches

Definition
■ The stack would have a single management IP address.
■ The engineer would connect with Telnet or SSH to one switch (with that one management IP address), not multiple switches.
■ One configuration file would include all interfaces in all four physical switches.
■ STP, CDP, VTP would run on one switch, not multiple switches.
■ The switch ports would appear as if all are on the same switch.
■ There would be one MAC address table, and it would reference all ports on all physical switches.