Cisco 2960-24LT-L - Catalyst Switch Scheda tecnica - Pagina 11

Sfoglia online o scarica il pdf Scheda tecnica per Interruttore Cisco 2960-24LT-L - Catalyst Switch. Cisco 2960-24LT-L - Catalyst Switch 21. Switching portfolio
Anche per Cisco 2960-24LT-L - Catalyst Switch: Scheda tecnica (11 pagine), Opuscolo e specifiche (10 pagine), Scheda tecnica (28 pagine), Descrizione (1 pagine)

Cisco 2960-24LT-L - Catalyst Switch Scheda tecnica
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Security
● IEEE 802.1x allows dynamic, port-based security, providing user authentication.
Networkwide Security
Features
● IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user
regardless of where the user is connected.
● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of
the authorized or unauthorized state of the port.
● IEEE 802.1x and port security are provided to authenticate the port and manage network
access for all MAC addresses, including those of the client.
● IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network
access on the guest VLAN.
● Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based
browser for authentication.
● MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant
to get authenticated using their MAC address.
● Port-based ACLs for Layer 2 interfaces allow application of security policies on individual
switch ports.
● Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC
address.
● Unknown unicast and multicast port blocking allows tight control by filtering packets that the
switch has not already learned how to forward.
● SSHv2 and SNMPv3 provide network security by encrypting administrator traffic during Telnet
and SNMP sessions. SSHv2 and the cryptographic version of SNMPv3 require a special
cryptographic software image because of U.S. export restrictions.
● Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure
intrusion detection system (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication enable centralized control of the switch and restrict
unauthorized users from altering the configuration.
● MAC address notification allows administrators to be notified of users added to or removed
from the network.
● DHCP snooping allows administrators to ensure consistent mapping of IP to MAC addresses.
This can be used to prevent attacks that attempt to poison the DHCP binding database, and
to rate-limit the amount of DHCP traffic that enters a switch port.
● DHCP Interface Tracker (Option 82) feature augments a host IP address request with the
switch port ID.
● Port security secures the access to an access or trunk port based on MAC address.
● After a specific timeframe, the aging feature removes the MAC address from the switch to
allow another device to connect to the same port.
● Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is
present and to disable the trust setting if the IP phone is removed, thereby preventing a
malicious user from overriding prioritization policies in the network.
● Multilevel security on console access prevents unauthorized users from altering the switch
configuration.
● The user-selectable address-learning mode simplifies configuration and enhances security.
● BPDU Guard shuts down Spanning Tree Protocol PortFast-enabled interfaces when BPDUs
are received to avoid accidental topology loops.
● Spanning-Tree Root Guard (STRG) prevents edge devices not in the network administrator's
control from becoming Spanning Tree Protocol root nodes.
● Voice VLAN aware port security and BPDU Guard allow Voice VLAN traffic to not be
disrupted when security violations occur.
● IGMP filtering provides multicast authentication by filtering out no subscribers and limits the
number of concurrent multicast streams available per port.
● Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy
Server (VMPS) client functions to provide flexibility in assigning ports to VLANs. Dynamic
VLAN helps enable the fast assignment of IP addresses.
● Cisco Network Assistant software security wizards ease the deployment of security features
for restricting user access to a server as well as to a portion of or the entire network.
● Up to 512 (Aces) are supported, with two profiles: Security (384 Security ACL entries and 128
QoS policies), and QoS (128 Security ACL entries and 384 QoS policies).
Data Sheet
Page 11 of 21