Table 1
Product Features and Benefits (Continued)
Feature
Granular Rate Limiting
Security
Network-wide Security
Features
All contents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Benefit
• Cisco Committed Information Rate (CIR) function guarantees bandwidth in
increments as low as 8 Kbps.
• Rate limiting is provided based on source and destination IP address, source and
destination MAC address, Layer 4 TCP/UDP information, or any combination of
these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy
maps.
• Asynchronous data flows upstream and downstream from the end station or
on the uplink are easily managed using ingress policing and egress shaping.
• Up to 64 aggregate or individual policers are available per Fast Ethernet or
Gigabit Ethernet port.
• IEEE 802.1x allows dynamic, port-based security, providing user authentication.
• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a
specific user regardless of where the user is connected.
• IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN
irrespective of the authorized or unauthorized state of the port.
• IEEE 802.1x and port security are provided to authenticate the port and manage
network access for all MAC addresses, including that of the client.
• IEEE 802.1x with an ACL assignment allows for specific identity-based security
policies regardless of where the user is connected.
• IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have
limited network access on the Guest VLAN.
• Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows
to be bridged within VLANs.
• Cisco standard and extended IP security Router ACLs (RACLs) define security
policies on routed interfaces for control-plane and data-plane traffic.
• Port-based ACLs (PACLs) for Layer 2 interfaces allow security policies to be
applied on individual switch ports.
• Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management
Protocol Version 3 (SNMPv3) provide network security by encrypting
administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the
cryptographic version of SNMPv3 require a special cryptographic software
image due to U.S. export restrictions.
• Private VLAN Edge provides security and isolation between switch ports, which
helps ensure that users cannot snoop on other users' traffic.
• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows
Cisco Secure Intrusion Detection System (IDS) to take action when an intruder
is detected.
Cisco Systems, Inc.
Page 8 of 22
ページを印刷する