Cisco Catalyst 2960X-48FPS-L User Manual download pdf (Page 5)

●

Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning

a broadcast segment into a nonbroadcast multi access like segment. This feature is available in IP-Lite

feature set only.

◦ Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users

cannot snoop on other users’ traffic.

●

Unicast Reverse Path Forwarding (uRPF) feature helps mitigate problems caused by the introduction of

malformed or forged (spoofed) IP source address into a network by discarding IP packets that lack a

verifiable IP source address. This feature is available in IP-Lite feature set only.

●

Multidomain Authentication allows an IP phone and a PC to authenticate on the same switch port while

placing them on appropriate voice and data VLAN.

●

Access Control Lists (ACLs) for IPv6 and IPv4 for security and QoS ACEs.

◦ VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.

◦ Router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6

ACLs can be applied to filter IPv6 traffic.

◦ Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.

●

Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3

(SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions.

SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software

image because of U.S. export restrictions.

●

Switched Port Analyzer (SPAN), with bidirectional data support, allows Cisco Intrusion Detection System

(IDS) to take action when an intruder is detected.

●

TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts

unauthorized users from altering the configuration.

●

MAC Address Notification allows administrators to be notified of users added to or removed from the

network.

●

Multilevel security on console access prevents unauthorized users from altering the switch configuration.

●

Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree Port Fast-enabled interfaces when

BPDUs are received to avoid accidental topology loops.

●

Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from

becoming Spanning Tree Protocol root nodes.

●

IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of

concurrent multicast streams available per port.

●

Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server

client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast

assignment of IP addresses.

Redundancy and Resiliency

Cisco Catalyst 2960-X Series Switches offer a number of redundancy and resiliency features to prevent outages

and help ensure that the network remains available:

●

Cross-stack EtherChannel provides the ability to configure Cisco EtherChannel technology across

different members of the stack for high resiliency.

1 2 3 4 5 6 ... 27

Comments to this Manuals

No comments

Cisco Catalyst 2960X-48FPS-L User Manual Page 5

Comments to this Manuals

Related products and manuals for Network switches Cisco Catalyst 2960X-48FPS-L