Cisco 2975 - Catalyst LAN Base Switch Ficha de datos - Página 3
Navegue en línea o descargue pdf Ficha de datos para Interruptor Cisco 2975 - Catalyst LAN Base Switch. Cisco 2975 - Catalyst LAN Base Switch 14 páginas. Stackable switch
También para Cisco 2975 - Catalyst LAN Base Switch: Manual de introducción (17 páginas), Boletín de productos (2 páginas), Folleto (19 páginas)
Data Sheet
services that consistently address these requirements from the desktop to the core and through
the WAN.
Cisco Catalyst Intelligent Ethernet switches help you realize the full benefits of adding intelligent
services into your networks. Deploying capabilities that make the network infrastructure highly
available to accommodate time-critical needs, scalable to accommodate growth, secure enough to
protect confidential information, and capable of differentiating and controlling traffic flows is critical
to further optimizing network operations.
Enhanced Security
The wide range of security features that the Cisco Catalyst 2975 LAN Base Switch offers helps you
protect important information, keep unauthorized people off the network, guard privacy, and
maintain uninterrupted operation.
The Cisco Identity-Based Networking Services (IBNS) solution provides authentication, access
control, and security policy administration to secure network connectivity and resources. Cisco
IBNS in the Cisco Catalyst 2975 LAN Base Switch prevents unauthorized access and helps ensure
that users get only their designated privileges. It provides the ability to dynamically administer
granular levels of network access. Using the 802.1x standard and the Cisco Secure Access
Control Server (ACS), users can be assigned a VLAN upon authentication, regardless of where
they connect to the network. This setup allows IT departments to enable strong security policies
without compromising user mobility and with minimal administrative overhead.
To guard against denial-of-service (DoS) and other attacks, ACLs can be used to restrict access to
sensitive portions of the network by denying packets based on source and destination MAC
addresses, IP addresses, or TCP/User Datagram Protocol (UDP) ports. ACL lookups are done in
hardware, so forwarding performance is not compromised when ACL-based security is
implemented.
Port security can be used to limit access on an Ethernet port based on the MAC address of the
device to which it is connected. It also can be used to limit the total number of devices plugged into
a switch port, thereby protecting the switch from a MAC flooding attack as well as reducing the
risks of rogue wireless access points or hubs.
With Dynamic Host Configuration Protocol (DHCP) snooping, DHCP spoofing can be thwarted by
allowing only DHCP requests (but not responses) from untrusted user-facing ports. Additionally,
the DHCP Interface Tracker (Option 82) feature helps enable granular control over IP address
assignment by augmenting a host IP address request with the switch port ID.
The MAC Address Notification feature can be used to monitor the network and track users by
sending an alert to a management station so that network administrators know when and where
users entered the network. Secure Shell Protocol Version 2 (SSHv2) and Simple Network
Management Protocol Version 3 (SNMPv3) encrypt administrative and network-management
information, protecting the network from tampering or eavesdropping. TACACS+ or RADIUS
authentication enables centralized access control of switches and restricts unauthorized users
from altering the configurations. Alternatively, a local username and password database can be
configured on the switch itself. Fifteen levels of authorization on the switch console and two levels
on the web-based management interface provide the ability to give different levels of configuration
capabilities to different administrators.
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 3 of 14