Cisco 3750V2 - Catalyst 24 10/100 Scheda tecnica - Pagina 5
Sfoglia online o scarica il pdf Scheda tecnica per Interruttore Cisco 3750V2 - Catalyst 24 10/100. Cisco 3750V2 - Catalyst 24 10/100 20. Cisco catalyst 3750v2-24ps: specifications
Stampa la paginaFlexible authentication (FlexAuth) can be used to determine the order of authentication methods on the
●
network. For example, if the order is set to IEEE 802.1x, MAC authentication bypass (MAB), and WebAuth,
the network will first try to authenticate through IEEE 802.1x, then MAB, and then WebAuth.
Multi-authentication (MultiAuth) enables up to eight users to authenticate through the same switch port. This
●
feature includes support for multiple authentication methods, such as IEEE 802.1x, MAB, and WebAuth, and
per-user ACLs.
Web authentication for non–IEEE 802.1x clients allows non–IEEE 802.1x clients to use an SSL-based
●
browser for authentication.
Local web authentication allows non–IEEE 802.1x users to authenticate through a login webpage. The user
●
enters the authentication information, such as a user ID and password, and is authenticated through an
authentication, authorization, and accounting (AAA) server.
The local web authentication banner allows users to customize the authentication webpage.
●
Multidomain authentication allows an IP phone and a PC to authenticate on the same switch port while
●
placing them on appropriate voice and data VLANs.
MAB for voice allows third-party IP phones without an IEEE 802.1x supplicant to be authenticated using the
●
MAC address.
Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within
●
VLANs.
Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces
●
for control- and data-plane traffic.
Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch
●
ports.
Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
●
Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not
●
already learned how to forward.
Secure Shell Version 2 (SSHv2), Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3)
●
provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2,
Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because
of U.S. export restrictions.
The Private VLAN Edge feature provides security and isolation between switch ports, helping ensure that
●
users cannot snoop on other users' traffic.
Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a
●
broadcast segment into a nonbroadcast multi-access-like segment.
Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion
●
Detection System (IDS) to take action when an intruder is detected.
TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized
●
users from altering the configuration.
MAC address notification allows administrators to be notified of users added to or removed from the network.
●
Dynamic Address Resolution Protocol (ARP) Inspection (DAI) helps ensure user integrity by preventing
●
malicious users from exploiting the insecure nature of ARP.
DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC addresses. This
●
feature can be used to prevent attacks that attempt to harm the DHCP binding database, and to rate limit the
amount of DHCP traffic that enters a switch port.
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Data Sheet
Page 5 of 20