
© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 12 of 20
Feature: Network Security
Benefit: Comprehensive Security Solutions

Subscriber Security
● IEEE 802.1x allows dynamic, port-based security by providing user authentication.
● IEEE 802.1x with VLAN assignment allows dynamic VLAN assignment for a specific user regardless of where the user is connected.
● IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses.
● IEEE 802.1x readiness check simplifies deployment by generating a report of the end hosts capable of 802.1x.
● An absence of local switching behavior provides security and isolation between UNIs, helping ensure that users cannot monitor or access other users' traffic on the same switch.
● DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus addresses. This feature also prevents numerous other attacks such as Address Resolution Protocol (ARP) poisoning.
● Dynamic ARP Inspection helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
● IP Source Guard prevents a malicious user from spoofing or taking over another user's IP address by creating a binding table between the client's IP address, MAC address, port, and VLAN.
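The three subscriber-port features above are normally deployed together, because DHCP Snooping builds the IP/MAC/port/VLAN binding table that Dynamic ARP Inspection and IP Source Guard both consult. The following IOS configuration is an added example written for this page, not configuration taken from the data sheet or from Cisco documentation. It assumes a subscriber VLAN 10, an uplink GigabitEthernet0/1 behind which the legitimate DHCP server sits, subscriber ports GigabitEthernet0/2 through 0/24, and a Catalyst-style IOS command set; interface names, VLAN number, rate limits and file name are illustrative.

```cisco
! Added example (not from the data sheet): DHCP Snooping, Dynamic ARP Inspection,
! IP Source Guard and port security on an IOS access switch.
! Assumed: subscriber VLAN 10, uplink Gi0/1, subscriber ports Gi0/2-24.
!
! 1. DHCP Snooping builds the binding table (IP, MAC, port, VLAN) that DAI and IPSG use.
ip dhcp snooping
ip dhcp snooping vlan 10
! Persist the table so lease holders are not cut off by DAI/IPSG after a reload
ip dhcp snooping database flash:dhcp-snoop.db
!
! 2. Dynamic ARP Inspection checks ARP against the binding table and also validates
!    the source MAC, destination MAC and IP fields of each ARP packet.
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
! 3. Uplink: the only port allowed to carry DHCP server replies and unchecked ARP.
interface GigabitEthernet0/1
 description uplink to distribution (DHCP server is reached through this port)
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! 4. Subscriber ports: untrusted, rate-limited, with port security and IP Source Guard.
interface range GigabitEthernet0/2 - 24
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 ! Cap DHCP and ARP packet rates so a flooding host errdisables only its own port
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ! Port security: at most 2 MAC addresses, drop violators without shutting the port,
 ! and age idle entries after 10 minutes so another device can attach to the port
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 switchport port-security aging time 10
 ! IP Source Guard: permit only IP packets whose source IP *and* MAC match the
 ! binding table (the port-security keyword adds the MAC check)
 ip verify source port-security
!
! Bring a rate-limited port back automatically after 5 minutes
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause arp-inspection
errdisable recovery interval 300
```

After a client obtains a lease, `show ip dhcp snooping binding` lists the entry that `show ip arp inspection statistics vlan 10`, `show ip verify source` and `show port-security interface GigabitEthernet0/2` then enforce; a host on an untrusted port that offers DHCP leases or sends ARP replies for an address it was not leased is logged and dropped rather than forwarded to other subscribers.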
Switch Security
● Control Plane Security prevents denial-of-service (DoS) attacks on the CPU.
● Secure Shell (SSH) Protocol, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
● Port security secures access to an access or trunk port based on MAC address. After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.
● Multilevel security on the console access prevents unauthorized users from altering the switch configuration.
● TACACS+ and RADIUS authentication facilitate centralized control of the switch and prevent unauthorized users from altering the configuration.
● Configuration File Security helps ensure that only authenticated users have access to the configuration file.
● Per-VLAN MAC address learning prevents MAC address table overflow attacks.
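The Switch Security items above are management-plane controls, and the following added example (written for this page, not taken from the data sheet) shows how they fit together on an IOS access switch: SSHv2-only virtual terminals, TACACS+ authentication, authorization and accounting with a local fallback, an SNMPv3 user with authentication and privacy, a privilege level on file-system access, and MAC learning disabled on a VLAN with fixed membership. Hostname, domain, addresses, ACL name and every credential are placeholders; the `tacacs server` block uses IOS 15-style syntax, and `file privilege` should be checked against the command reference for the platform in use.

```cisco
! Added example (not from the data sheet): management-plane hardening.
! All names, addresses and secrets below are placeholders.
hostname access-sw1
ip domain-name example.invalid
! RSA key pair for SSH; version 2 only
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Only the management subnet may open sessions to the VTYs
ip access-list standard MGMT-ONLY
 permit 192.0.2.0 0.0.0.255
!
! Centralized AAA: TACACS+ first, local user database only if no server answers
aaa new-model
tacacs server TAC-PRIMARY
 address ipv4 192.0.2.10
 key REPLACE-WITH-SHARED-SECRET
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
! Emergency local account (used only while TACACS+ is unreachable) and enable secret
username admin privilege 15 secret REPLACE-WITH-STRONG-PASSWORD
enable secret REPLACE-WITH-ENABLE-SECRET
!
! Console and VTY: AAA-authenticated, SSH only, idle sessions closed after 10 minutes
line console 0
 exec-timeout 10 0
line vty 0 15
 transport input ssh
 exec-timeout 10 0
 access-class MGMT-ONLY in
!
! SNMPv3 with authentication (SHA) and privacy (AES-128) instead of community strings
snmp-server group SECOPS v3 priv
snmp-server user monitor SECOPS v3 auth sha REPLACE-AUTH-PASS priv aes 128 REPLACE-PRIV-PASS
!
! Configuration File Security: privilege 15 required to read or copy the file system
file privilege 15
!
! Per-VLAN MAC learning: on a VLAN whose membership never changes (here a
! point-to-point transit VLAN 900) turn learning off, so forged source MACs
! flooded on that VLAN cannot consume entries in the shared MAC address table.
no mac address-table learning vlan 900
```

With this in place a Telnet connection is refused outright, every login and privileged command is attributed to a named TACACS+ user in the accounting log, and `show mac address-table learning vlan 900` confirms that the transit VLAN no longer adds entries.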
Network Security
● Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
● Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic.
● Port-based ACLs for Layer 2 interfaces allow for application of security policies on individual switch ports.
● MAC address notification allows administrators to be notified of users added to or removed from the network.
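The distinction the list draws between VLAN ACLs and port ACLs is that a VLAN ACL filters traffic bridged between two hosts in the same VLAN (traffic a router ACL never sees), while a port ACL applies a policy inbound on one Layer 2 interface. The following added example (written for this page, not taken from the data sheet) shows both, plus MAC address notification traps. It assumes subscriber VLAN 10, a printer at 10.10.10.50 on GigabitEthernet0/5 that should talk only to the management subnet 192.0.2.0/24, and an SNMP manager at 192.0.2.20; all addresses, names and the community string are illustrative.

```cisco
! Added example (not from the data sheet): VLAN ACL, port ACL and MAC notification.
! Assumed: subscriber VLAN 10, printer 10.10.10.50 on Gi0/5, SNMP manager 192.0.2.20.
!
! 1. VLAN ACL (VLAN map): evaluated for traffic bridged within VLAN 10.
!    Subscriber-to-subscriber SMB/NetBIOS is dropped; everything else is forwarded.
ip access-list extended INTRA-VLAN-SMB
 permit tcp any any eq 445
 permit tcp any any eq 139
vlan access-map SUBSCRIBER-VACL 10
 match ip address INTRA-VLAN-SMB
 action drop
vlan access-map SUBSCRIBER-VACL 20
 action forward
vlan filter SUBSCRIBER-VACL vlan-list 10
!
! 2. Port ACL on a Layer 2 interface: inbound only, so the printer can reach
!    the management subnet and nothing else regardless of the VLAN-wide policy.
ip access-list extended PRINTER-PORT-IN
 permit ip host 10.10.10.50 192.0.2.0 0.0.0.255
 deny   ip any any
interface GigabitEthernet0/5
 description printer
 switchport mode access
 switchport access vlan 10
 ip access-group PRINTER-PORT-IN in
 ! 3. MAC address notification on this port: trap when a MAC is learned or removed
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
!
! Global side of MAC notification: enable the feature, batch changes every 60 s,
! and send the traps to the SNMP manager
mac address-table notification change
mac address-table notification change interval 60
snmp-server enable traps mac-notification change
snmp-server host 192.0.2.20 version 2c REPLACE-WITH-COMMUNITY mac-notification
```

`show vlan access-map` and `show vlan filter` confirm the VLAN map and its binding; `show access-lists` shows hit counts for both ACLs; `show mac address-table notification change` lists the recent add/remove events that were also sent as traps, which is what an administrator correlates against an unexpected device appearing on a subscriber port.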
Network Monitoring
● Remote Switched Port Analyzer (RSPAN) allows for remote monitoring of the user interface.
● Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco intrusion detection system (IDS) to take action when an intruder is detected.