Cisco 2950 - Catalyst Switch 데이터시트 - 페이지 10

{카테고리_이름} Cisco 2950 - Catalyst Switch에 대한 데이터시트을 온라인으로 검색하거나 PDF를 다운로드하세요. Cisco 2950 - Catalyst Switch 20 페이지. Long-reach ethernet switches
Cisco 2950 - Catalyst Switch에 대해서도 마찬가지입니다: 솔루션 매뉴얼 (17 페이지), 제품 게시판 (3 페이지), 제품 지원 게시판 (5 페이지), 마이그레이션 매뉴얼 (25 페이지), 제품 지원 게시판 (6 페이지), 시작하기 매뉴얼 (29 페이지), 매뉴얼 (19 페이지)

페이지 인쇄

Feature

Security

Network-Wide Security

Features

Beneﬁt

• Filtering of incoming trafﬁc ﬂows based on Layer 2, Layer 3 or Layer 4 access control

parameters (ACPs) prevents unauthorized data ﬂows.

– The following Layer 2 ACPs or a combination can be used for security classiﬁcation

of incoming packets: source Media Access Control (MAC) address, destination MAC

address, and 16-bit Ethertype.

– The following Layer 3 and Layer 4 ﬁelds or a combination can be used for security

classiﬁcation of incoming packets: source IP address, destination IP address, TCP

source or destination port number, User Datagram Protocol (UDP) source, or

destination port number. ACLs can also be applied to ﬁlter based on DSCP-values.

– Time-based ACLs allow conﬁguration of differentiated services based on

time-periods.

• Secure Shell Protocol (SSH) provides secure login sessions and other

communications between two untrusted hosts over an insecure network by

encrypting the entire session. SSH features strong cryptographic authentication,

strong encryption, and integrity protection. To use this feature, the crypto (encrypted)

Catalyst 2950 LRE software image must be installed on your switch.

• SNMPv3 with encryption provides secure access to devices by authenticating and

encrypting all SNMP packets over the network. The encryption portion of SNMPv3

requires the crypto Catalyst 2950 LRE software image to be installed on your switch.

• Password recovery feature allows the administrator to protect access to the switch

conﬁguration ﬁles by forcing a user with physical access to the switch to interrupt the

switch start process only by agreeing to set the system back to default conﬁguration.

• SNMPv3 (non-crypto) monitors and controls network devices, manages

conﬁgurations, statistics collection, performance, and security

• Private VLAN edge (protected port) provides security and isolation between ports on a

switch, ensuring that voice trafﬁc travels directly from its entry point to the

aggregation device through a virtual path and cannot be directed to a different port.

• Support for the 802.1x standard allows users to be authenticated regardless of which

LAN port they are accessing, and provides unique beneﬁts to customers who have a

large base of mobile (wireless) users accessing the network.

• Port Security secures the access to a port based on the MAC address of a users device.

The aging feature removes the MAC address from the switch after a speciﬁc timeframe

to allow another device to connect to the same port.

• MAC Address Notiﬁcation allows administrators to be notiﬁed of new users added or

removed from the network.

• Spanning-tree root guard (STRG) prevents edge devices not in the network

administrator's control from becoming Spanning-Tree Protocol root nodes.

• The Spanning-Tree Protocol PortFast/bridge protocol data unit (BPDU) guard feature

disables access ports with Spanning-Tree Protocol PortFast-enabled upon reception of

a BPDU, and increases network reliability, manageability, and security.

• Multilevel security on console access prevents unauthorized users from altering the

switch conﬁguration.

• TACACS+ and RADIUS authentication to enable centralized control of the switch and

restrict unauthorized users from altering the conﬁguration.

• The user-selectable address-learning mode simpliﬁes conﬁguration and enhances

security.

• Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone

is present and disable the trust setting in the event that the IP phone is removed,

thereby preventing a rogue user from overriding prioritization policies in the network.

Cisco Systems, Inc.

Page 10 of 19