Cisco 3550-12T - Catalyst Switch - Stackable Questions And Answers - Page 4

Browse online or download pdf Questions And Answers for Switch Cisco 3550-12T - Catalyst Switch - Stackable. Cisco 3550-12T - Catalyst Switch - Stackable 9 pages. Cisco catalyst 3550-48: supplementary guide

Print Page
Cisco 3550-12T - Catalyst Switch - Stackable Questions And Answers
Q.
For security purposes, how can I prevent unauthorized users from accessing my network?
A.
The Cisco Catalyst 3550 Series supports 802.1X, which works in conjunction with a RADIUS server to authenticate users
as they access a network. The 802.1X standard is considered port-level security and is commonly used for both wired
and wireless LANs. Additionally, portions of the network can be restricted by using ACLs. Access can be denied based
on Media Access Control (MAC) addresses, IP addresses, or Transmission Control Protocol (TCP)/User Datagram
Protocol (UDP) ports. ACL lookups are done in hardware-thus forwarding and routing performance is not compromised
when implementing ACL-based security. An additional protection method is to use Port Security, which allows only
appropriate users on the network by limiting access to the port based on MAC addresses.
Q.
For security purposes, how can I allow mobility of the user base while also ensuring security?
A.
802.1X in conjunction with a RADIUS server allows for dynamic port-based user authentication. 802.1X-based user
authentication can be extended to dynamically assign a VLAN or an ACL based on a specific user regardless of where
the user connects on the network. This intelligent adaptability allows IT departments to offer greater flexibility and mobility
to their stratified user populations. By combining access control and user profiles with secure network connectivity,
services, and applications, enterprises can more effectively manage user mobility and drastically reduce the overhead
associated with granting and managing access to network resources.
Q.
For security purposes, how can I monitor or track activities in my network?
A.
IDSs are tailored to monitor and track activities in a network. The Cisco Catalyst 3550 Series supports SPAN
enhancements that allow an IDS to take action if an intruder is detected. Additionally, the Cisco Catalyst 3550 Series can
complement this through features such as MAC Address Notification, which will send an alert to a management station
so that network administrators know when and where users came on to the network and can take appropriate actions.
The DHCP Interface Tracker (Option 82) feature will track where a user is physically connected on a network by providing
both switch and port ID to a DHCP server.
Q.
For security purposes, how do I protect administration passwords and traffic going to the switch during
configuration or troubleshooting?
A.
To protect administration traffic during the configuration or troubleshooting of a switch (such as passwords or device
configuration settings), the best approach is to encrypt the data. SSH, Kerberos, and SNMPv3 (crypto version) provide
encryption of data during Telnet and SNMP sessions. These features require the use of an image with strong encryption
technology. Because of export restrictions, this image does not ship preinstalled on the switches and must be
downloaded from a special area on Cisco.com.
Q.
Are the Cisco Catalyst 3550 Series Switches available with Web-based setup?
A.
The Cisco Catalyst 3550 Series Switches will support Express Setup with the next Cisco IOS Software release. This
feature is designed to simplify the initial "out-of-the-box" deployment of Cisco Catalyst fixed-configuration switches. In the
past, users had to connect a computer to the console port of the switch (using a special rollover cable), launch a terminal
emulation program, and then configure an IP address, switch name, password, etc. using the CLI. With Express Setup,
the user can now simply connect a PC with an Ethernet cable into any port on the switch, hold the "mode" button to
activate Express Setup, and launch a Web browser. The switch can then be set up using a single Webpage.
Q.
What gigabit interface converters (GBICs) are supported on the Cisco Catalyst 3550 Series?
A.
The Cisco Catalyst 3550 Series supports the following Cisco GBICs: 1000BASE-SX, 1000BASE-LX/LH, 1000BASE-ZX,
1000BASE-T, 1000BASE-CWDM, and the Cisco GigaStack® Stacking GBIC.
All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 4 of 9