Cisco 3750-48PS - Catalyst SMI Switch Uživatelský manuál stáhnout pdf (Strana 9)

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com

Page 9 of 22

Feature Benefit

Granular Rate Limiting

• The Cisco Committed Information Rate (CIR) function guarantees bandwidth in increments as low as

8 kbps.

• Rate limiting is provided based on source and destination IP address, source and destination MAC address,

Layer 4 TCP and UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or

MAC ACLs), class maps, and policy maps.

• Asynchronous data flows upstream and downstream from the end station or on the uplink are easily

managed using ingress policing and egress shaping.

• Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.

SECURITY

Networkwide Security Features

• IEEE 802.1x allows dynamic, port-based security, providing user authentication.

• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless

of where the user is connected.

• IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the

authorized or unauthorized state of the port.

• IEEE 802.1x and port security are provided to authenticate the port and manage network access for all

MAC addresses, including those of the client.

• IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of

where the user is connected.

• IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on

the guest VLAN.

• Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged

within VLANs.

• Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces

for control- and data-plane traffic.

• Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual

switch ports.

• Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.

• Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch

has not already learned how to forward.

• SSHv2, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during

Telnet and SNMP sessions. SSHv2, Kerberos, and the cryptographic version of SNMPv3 require a

special cryptographic software image because of U.S. export restrictions.

• Private VLAN provides security and isolation between switch ports, helping ensure that users cannot

snoop on other users' traffic.

• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion

Detection System (IDS) to take action when an intruder is detected.

• TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized

users from altering the configuration.

• MAC address notification allows administrators to be notified of users added to or removed from the

network.

• DHCP snooping allows administrators to ensure consistent mapping of IP to MAC addresses. This can be

used to prevent attacks that attempt to poison the DHCP binding database, and to rate limit the amount of

DHCP traffic that enters a switch port.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 ... 21 22

Komentáře k této Příručce

Žádné komentáře

Cisco 3750-48PS - Catalyst SMI Switch Uživatelský manuál Strana 9

Komentáře k této Příručce

Související produkty a manuály pro Sítě Cisco 3750-48PS - Catalyst SMI Switch