Cisco CATALYST 3560-E Specifications Page 10

Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 10 of 21
Feature Benefit
  • Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.

Security

Networkwide Security Features
  • IEEE 802.1x allows dynamic, port-based security, providing user authentication.
  • IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
  • IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
  • IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.
  • IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where the user is connected.
  • IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
  • Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for authentication.
  • Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on the appropriate voice and data VLANs.
  • MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using their MAC address.
  • Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within VLANs.
  • Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces for control- and data-plane traffic.
  • Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch ports.
  • Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
  • Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not already learned how to forward.
  • SSHv2, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
  • Private VLAN Edge provides security and isolation between switch ports, helping ensure that users cannot snoop on other users’ traffic.
  • Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
  • Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion Detection System (IDS) to take action when an intruder is detected.
  • TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.
  • MAC address notification allows administrators to be notified of users added to or removed from the network.
  • Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
  • DHCP snooping allows administrators to ensure consistent mapping of IP to MAC addresses. This can be used to prevent attacks that attempt to poison the DHCP binding database, and to rate limit the amount of DHCP traffic that enters a switch port.
  • IP source guard prevents a malicious user from spoofing or taking over another user’s IP address by creating a binding table between the client’s IP and MAC address, port, and VLAN.
  • DHCP Interface Tracker (Option 82) augments a host IP address request with the switch port ID.
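
The DHCP snooping, Dynamic ARP Inspection and IP source guard entries above all depend on one binding table. The following is an added example, not part of the Cisco data sheet and not Cisco IOS code: a simplified Python model of how that table is learned and then enforced. The class and method names, port names and addresses are constructed, and the model assumes one DHCP client per access port and a simple per-port packet counter in place of a timed rate limit.

```python
# Simplified model for illustration only; not Cisco IOS internals.
SERVER_MSGS = {"OFFER", "ACK", "NAK"}

class AccessSwitch:
    def __init__(self, trusted_ports, dhcp_rate_limit):
        self.trusted = set(trusted_ports)  # ports facing the legitimate DHCP server
        self.rate_limit = dhcp_rate_limit  # DHCP packets allowed per untrusted port
        self.dhcp_seen = {}                # port -> DHCP packets counted so far
        self.pending = {}                  # client MAC -> port its request arrived on
        self.bindings = {}                 # (vlan, port) -> (mac, ip), one client per port

    def dhcp_packet(self, port, vlan, msg_type, client_mac, ip=None):
        """DHCP snooping: learn bindings from trusted ACKs, police untrusted ports."""
        if port in self.trusted:
            if msg_type == "ACK" and client_mac in self.pending:
                self.bindings[(vlan, self.pending.pop(client_mac))] = (client_mac, ip)
            return "forward"
        self.dhcp_seen[port] = self.dhcp_seen.get(port, 0) + 1
        if self.dhcp_seen[port] > self.rate_limit:
            return "drop: DHCP rate limit exceeded"
        if msg_type in SERVER_MSGS:
            return "drop: DHCP server message on untrusted port"
        self.pending[client_mac] = port
        return "forward"

    def _bound(self, port, vlan, mac, ip):
        return port in self.trusted or self.bindings.get((vlan, port)) == (mac, ip)

    def arp_packet(self, port, vlan, sender_mac, sender_ip):
        """Dynamic ARP Inspection: ARP sender fields must match the binding."""
        return "forward" if self._bound(port, vlan, sender_mac, sender_ip) else "drop: ARP mismatch"

    def ip_packet(self, port, vlan, src_mac, src_ip):
        """IP source guard: source IP/MAC must match the binding for this port and VLAN."""
        return "forward" if self._bound(port, vlan, src_mac, src_ip) else "drop: source mismatch"

def demo():
    # Constructed sample traffic: Gi0/1 is the uplink, Gi0/2 and Gi0/3 are user ports.
    sw = AccessSwitch(trusted_ports=["Gi0/1"], dhcp_rate_limit=3)
    a, b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
    return [
        sw.dhcp_packet("Gi0/2", 10, "DISCOVER", a),
        sw.dhcp_packet("Gi0/3", 10, "OFFER", a, "192.0.2.66"),  # server reply from a user port
        sw.dhcp_packet("Gi0/1", 10, "ACK", a, "192.0.2.10"),    # binding learned for Gi0/2
        sw.arp_packet("Gi0/2", 10, a, "192.0.2.10"),
        sw.arp_packet("Gi0/3", 10, b, "192.0.2.10"),            # ARP claiming another host's IP
        sw.ip_packet("Gi0/3", 10, b, "192.0.2.10"),             # spoofed source address
        sw.ip_packet("Gi0/2", 10, a, "192.0.2.10"),
    ]
```

Calling `demo()` returns the forward or drop decision for each constructed packet in order.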