A Catalyst switch on its own has configurable levels for broadcast control and storm control, but it doesn't have much
intelligence beyond x number of frames per second tracking.
You'd have to look up the NAC / Clean Access product page here
for more info. As I've never worked on or deployed a
NAC solution before, I can't offer much more Uncle Paul. I also suspect some combination of internal IDS / IPS may
have been part of the solution as well where you last worked.
Just my 00000010bits.