Cisco 2948G-GE-TX - Catalyst Gigabit Ethernet Switch Manual de usuario descargar pdf (Pagina 4)

Cisco Systems, Inc.

Page 4 of 11

Security

Network-wide

security features

• IEEE 802.1x allows dynamic, port-based security, providing user authentication.

• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a speciﬁc user

regardless of where the user is connected.

• Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol

Version 3 (SNMPv3) provide network security by encrypting administrator trafﬁc during

Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMPv3

require a special cryptographic software image due to U.S. export restrictions.

• Private VLAN provides security and isolation between switch ports or groups of switch

ports called communities, which helps ensure that users cannot snoop on other users’

trafﬁc.

• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Secure

Intrusion Detection System (IDS) to take action when an intruder is detected.

• TACACS+ and RADIUS authentication enables centralized control of the switch and

restricts unauthorized users from altering the conﬁguration.

• MAC address notiﬁcation allows administrators to be notiﬁed of users added to or

removed from the network.

• Port security secures the access to an access or trunk port based on MAC address.

• After a speciﬁc timeframe, the aging feature removes the MAC address from the switch

to allow another device to connect to the same port.

• Multilevel security on console access prevents unauthorized users from altering the

switch conﬁguration.

• The user-selectable address-learning mode simpliﬁes conﬁguration and enhances

security.

• Bridge Protocol Data Unit (BPDU) guard shuts down Spanning-Tree Protocol

PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.

• Spanning Tree Root Guard (STRG) prevents edge devices not in the network

administrator’s control from becoming Spanning Tree Protocol root nodes.

• IGMP ﬁltering provides multicast authentication by ﬁltering out nonsubscribers and limits

the number of concurrent multicast streams available per port.

• Dynamic VLAN assignment is supported through implementation of the VLAN

Membership Policy Server (VMPS) client to provide ﬂexibility in assigning ports to VLANs.

Dynamic VLAN enables the fast assignment of IP addresses.

Table 1 Product Features and Beneﬁts (Continued)

Feature Benefit

1 2 3 4 5 6 7 8 9 10 11

Sin comentarios

Cisco 2948G-GE-TX - Catalyst Gigabit Ethernet Switch Manual de usuario Pagina 4