Cisco WS-C3550-12T Технічний паспорт - Сторінка 8
Переглянути онлайн або завантажити pdf Технічний паспорт для Бездротова точка доступу Cisco WS-C3550-12T. Cisco WS-C3550-12T 19 сторінок. 3500 series lightweight access point
Також для Cisco WS-C3550-12T: Посібник для початківців (35 сторінок)
Feature
Benefit
SECURITY
Bridge protocol data unit (BPDU) guard shuts down Spanning-Tree Protocol PortFast-enabled interfaces when
Security
BPDUs are received to avoid accidental topology loops.
Spanning-tree root guard (STRG) prevents edge devices not in the network administrator's control from becoming
Spanning-Tree Protocol root nodes.
IGMP Filtering provides multicast authentication by filtering out non-subscribers and limits the number of
concurrent multicast streams available per port.
Private VLAN edge provides security and isolation between ports on a switch, ensuring that users cannot snoop on
other users' traffic.
Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is present and disable the trust
setting in the event that the IP phone is removed, thereby preventing a malicious user from overriding prioritization
policies in the network.
Switch Port Analyzer (SPAN) for Cisco Secure Intrusion Detection System (IDS) support allows the IDS to take
action when an intruder is detected.
The user-selectable address-learning mode simplifies configuration and enhances security.
Cisco CMS Software Security Wizards ease the deployment of security features for restricting user access to a server,
a portion of the network or access to the network.
TACACS+ and RADIUS authentication to enable centralized control of the switch and restrict unauthorized users
Network
from altering the configuration. Multilevel security on console access prevents unauthorized users from altering the
Administration
switch configuration.
Security
SSH, Kerberos, and SNMPv3 provides network security by encrypting administrator traffic during Telnet and SNMP
sessions—SSH, Kerberos, and the crypto version of SNMPv3 require a special crypto software image due to US
export restrictions.
IEEE 802.1x for dynamic port-based security to prevent unauthorized clients from gaining access to the network.
User and Device
Port Security secures the access to a port based on the MAC address of a users device. The aging feature removes the
Authentication
MAC address from the switch after a specific timeframe to allow another device to connect to the same port, thereby
eliminating administrative overhead associated with this feature.
Cisco security VLAN ACLs (VACLs) on all VLANs to prevent unauthorized data flows to be bridged within
Granular Access
VLANs.
Control and Identity-
Cisco standard and extended IP security Router ACLs (RACLs) for defining security policies on routed interfaces
based Network
for control plane and data plane traffic.
Services
Port-based ACLs (PACLs) for Layer 2 interfaces allows security policies to be applied on individual switch ports.
Time-based ACLs allow the implementation of security settings during specific periods of the day or days of the
week.
802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user
is connected.
802.1x with an ACL assignment allows for specific security policies based on a user regardless of where the user is
connected.
802.1x with voice VLAN to permit an IP phone access to the voice VLAN irrespective of the authorized or
unauthorized state of the port.
802.1x and port security for authenticating the port and managing network access for all MAC addresses, including
that of the client.
Support for dynamic VLAN assignment through implementation of VLAN Membership Policy Server (VMPS)
client functionality provides flexibility in assigning ports to VLANs. Dynamic VLAN enables fast assignment
of IP address.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
© 2005 Cisco Systems, Inc. All rights reserved.
Page 8 of 18