Cisco WS-C3550-12T 데이터시트 - 페이지 8

{카테고리_이름} Cisco WS-C3550-12T에 대한 데이터시트을 온라인으로 검색하거나 PDF를 다운로드하세요. Cisco WS-C3550-12T 19 페이지. 3500 series lightweight access point
Cisco WS-C3550-12T에 대해서도 마찬가지입니다: 시작하기 매뉴얼 (35 페이지)

페이지 인쇄

Feature

Benefit

SECURITY

Bridge protocol data unit (BPDU) guard shuts down Spanning-Tree Protocol PortFast-enabled interfaces when

Security

BPDUs are received to avoid accidental topology loops.

Spanning-tree root guard (STRG) prevents edge devices not in the network administrator's control from becoming

Spanning-Tree Protocol root nodes.

IGMP Filtering provides multicast authentication by filtering out non-subscribers and limits the number of

concurrent multicast streams available per port.

Private VLAN edge provides security and isolation between ports on a switch, ensuring that users cannot snoop on

other users' traffic.

Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is present and disable the trust

setting in the event that the IP phone is removed, thereby preventing a malicious user from overriding prioritization

policies in the network.

Switch Port Analyzer (SPAN) for Cisco Secure Intrusion Detection System (IDS) support allows the IDS to take

action when an intruder is detected.

The user-selectable address-learning mode simplifies configuration and enhances security.

Cisco CMS Software Security Wizards ease the deployment of security features for restricting user access to a server,

a portion of the network or access to the network.

TACACS+ and RADIUS authentication to enable centralized control of the switch and restrict unauthorized users

Network

from altering the configuration. Multilevel security on console access prevents unauthorized users from altering the

Administration

switch configuration.

Security

SSH, Kerberos, and SNMPv3 provides network security by encrypting administrator traffic during Telnet and SNMP

sessions—SSH, Kerberos, and the crypto version of SNMPv3 require a special crypto software image due to US

export restrictions.

IEEE 802.1x for dynamic port-based security to prevent unauthorized clients from gaining access to the network.

User and Device

Port Security secures the access to a port based on the MAC address of a users device. The aging feature removes the

Authentication

MAC address from the switch after a specific timeframe to allow another device to connect to the same port, thereby

eliminating administrative overhead associated with this feature.

Cisco security VLAN ACLs (VACLs) on all VLANs to prevent unauthorized data flows to be bridged within

Granular Access

VLANs.

Control and Identity-

Cisco standard and extended IP security Router ACLs (RACLs) for defining security policies on routed interfaces

based Network

for control plane and data plane traffic.

Services

Port-based ACLs (PACLs) for Layer 2 interfaces allows security policies to be applied on individual switch ports.

Time-based ACLs allow the implementation of security settings during specific periods of the day or days of the

week.

802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user

is connected.

802.1x with an ACL assignment allows for specific security policies based on a user regardless of where the user is

connected.

802.1x with voice VLAN to permit an IP phone access to the voice VLAN irrespective of the authorized or

unauthorized state of the port.

802.1x and port security for authenticating the port and managing network access for all MAC addresses, including

that of the client.

Support for dynamic VLAN assignment through implementation of VLAN Membership Policy Server (VMPS)

client functionality provides flexibility in assigning ports to VLANs. Dynamic VLAN enables fast assignment

of IP address.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.

Page 8 of 18