●
The Cisco committed information rate (CIR) function provides bandwidth in increments as
low as 8 Kbps.
●
Rate limiting is provided based on source and destination IP address, source and
destination MAC address, Layer 4 TCP/UDP information, or any combination of these fields,
using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
●
Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit
Ethernet port.
Advanced Security
The Cisco Catalyst 3750-E Series supports a comprehensive set of security features for
connectivity and access control, including ACLs, authentication, port-level security, and identity-
based network services with 802.1x and extensions. This set of comprehensive features not only
helps prevent external attacks, but defends the network against “man-in-the-middle” attacks, a
primary concern in today’s business environment. The switch also supports the Network Admission
Control (NAC) security framework.
●
Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users
from exploiting the insecure nature of the ARP protocol.
●
DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out
bogus addresses. This feature is used by other primary security features to prevent a
number of other attacks such as ARP poisoning.
●
IP source guard prevents a malicious user from spoofing or taking over another user’s IP
address by creating a binding table between the client’s IP and MAC address, port, and
VLAN.
●
Private VLANs restrict traffic between hosts in a common segment by segregating traffic at
Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
●
Private VLAN Edge provides security and isolation between switch ports, which helps
ensure that users cannot snoop on other users’ traffic.
●
Unicast RPF feature helps mitigate problems caused by the introduction of malformed or
forged (spoofed) IP source addresses into a network by discarding IP packets that lack a
verifiable IP source address.
●
IEEE 802.1x allows dynamic, port-based security, providing user authentication.
●
IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user
regardless of where the user is connected.
●
IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of
the authorized or unauthorized state of the port.
●
IEEE 802.1x and port security are provided to authenticate the port and manage network
access for all MAC addresses, including that of the client.
●
IEEE 802.1x with an ACL assignment allows for specific identity-based security policies
regardless of where the user is connected.
●
IEEE 802.1x with guest VLAN allows guests without 802.1x clients to have limited network
access on the guest VLAN.
●
Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based
browser for authentication.
(27 stránky)
(73 stránky)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce