Cisco WS-C3550-48-EMI Manual de usuario descargar pdf (Pagina 9)

Cisco Systems, Inc.

Page 9 of 19

Security

Security • Bridge protocol data unit (BPDU) guard shuts down Spanning-Tree Protocol

PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.

• Spanning-tree root guard (STRG) prevents edge devices not in the network administrator's

control from becoming Spanning-Tree Protocol root nodes.

• IGMP Filtering provides multicast authentication by ﬁltering out non-subscribers and limits

the number of concurrent multicast streams available per port.

• Private VLAN edge provides security and isolation between ports on a switch, ensuring that

users cannot snoop on other users’ trafﬁc.

• Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is

present and disable the trust setting in the event that the IP phone is removed, thereby

preventing a malicious user from overriding prioritization policies in the network.

• Switch Port Analyzer (SPAN) for Cisco Secure Intrusion Detection System (IDS) support

allows the IDS to take action when an intruder is detected.

• The user-selectable address-learning mode simpliﬁes conﬁguration and enhances security.

• Cisco CMS Software Security Wizards ease the deployment of security features for

restricting user access to a server, a portion of the network or access to the network.

Network

Administration

Security

• TACACS+ and RADIUS authentication to enable centralized control of the switch and restrict

unauthorized users from altering the conﬁguration.

• Multilevel security on console access prevents unauthorized users from altering the switch

conﬁguration.

• SSH, Kerberos, and SNMPv3 provides network security by encrypting administrator trafﬁc

during Telnet and SNMP sessions—SSH, Kerberos, and the crypto version of SNMPv3

require a special crypto software image due to US export restrictions.

User and Device

Authentication

• IEEE 802.1x for dynamic port-based security to prevent unauthorized clients from gaining

access to the network.

• Port Security secures the access to a port based on the MAC address of a users device. The

aging feature removes the MAC address from the switch after a speciﬁc timeframe to allow

another device to connect to the same port, thereby eliminating administrative overhead

associated with this feature.

Granular Access

Control and

Identity-based

Network Services

• Cisco security VLAN ACLs (VACLs) on all VLANs to prevent unauthorized data ﬂows to be

bridged within VLANs.

• Cisco standard and extended IP security Router ACLs (RACLs) for deﬁning security policies

on routed interfaces for control plane and data plane trafﬁc.

• Port-based ACLs (PACLs) for Layer 2 interfaces allows security policies to be applied on

individual switch ports.

• Time-based ACLs allow the implementation of security settings during speciﬁc periods of

the day or days of the week.

• 802.1x with VLAN assignment allows a dynamic VLAN assignment for a speciﬁc user

regardless of where the user is connected.

• 802.1x with an ACL assignment allows for speciﬁc security policies based on a user

regardless of where the user is connected.

• 802.1x with voice VLAN to permit an IP phone access to the voice VLAN irrespective of the

authorized or unauthorized state of the port.

• 802.1x and port security for authenticating the port and managing network access for all

MAC addresses, including that of the client.

• Support for dynamic VLAN assignment through implementation of VLAN Membership

Policy Server (VMPS) client functionality provides ﬂexibility in assigning ports to VLANs.

Dynamic VLAN enables fast assignment of IP address.

Table 1 Product Features and Beneﬁts (Continued)

Feature Benefit

1 2 3 4 5 6 7 8 9 10 11 12 13 14 ... 18 19

Comentarios a estos manuales

Sin comentarios

Cisco WS-C3550-48-EMI Manual de usuario Pagina 9

Comentarios a estos manuales

Relacionado con productos y manuales para Redes Cisco WS-C3550-48-EMI