© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 27
Network Management Tools
The Cisco Catalyst 3650 Series Switches offer both a superior CLI for detailed configuration and Cisco Prime™
infrastructure for unified wired plus wireless management. Prime infrastructure provides day 0 and ongoing
provisioning, ongoing monitoring and maintenance, configuration templates, and device and user 360-degree
views and serves as the FNF collector for user traffic views using the Prime Assurance Manager module.
For detailed information about Cisco Prime infrastructure, go to
http://www.cisco.com/en/US/products/ps12239/index.html.
Advanced Security Features
Cisco Catalyst 3650 Series Switches support advanced security features including but not limited to:
● Protection against attackers:
  ◦ Port security secures the access to an access or trunk port based on MAC address. It limits the number
    of learned MAC addresses to deny MAC address flooding.
  ◦ DHCP snooping prevents malicious users from spoofing a DHCP server and sending out bogus
    addresses. This feature is used by other primary security features to prevent a number of other attacks
    such as ARP poisoning.
  ◦ Dynamic ARP inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting
    the insecure nature of ARP.
  ◦ IP source guard prevents a malicious user from spoofing or taking over another user’s IP address by
    creating a binding table between the client’s IP and MAC address, port, and VLAN.
  ◦ The Unicast Reverse Path Forwarding (RPF) feature helps mitigate problems caused by the introduction
    of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack
    a verifiable IP source address.
  ◦ Bidirectional data support on the SPAN port allows the Cisco intrusion detection system (IDS) to take
    action when an intruder is detected.
● User authentication:
  ◦ Flexible authentication that supports multiple authentication mechanisms, including 802.1X, MAC
    authentication bypass, and web authentication using a single, consistent configuration.
  ◦ RADIUS change of authorization and downloadable ACLs for comprehensive policy management
    capabilities.
  ◦ Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2,
    turning a broadcast segment into a nonbroadcast multiaccess-like segment. Private VLAN
    edge provides security and isolation between switch ports, which helps ensure that users cannot snoop
    on other users’ traffic.
  ◦ Multidomain authentication allows an IP phone and a PC to authenticate on the same switch port while
    placing them on the appropriate voice and data VLANs.
  ◦ MAC address notification allows administrators to be notified of users added to or removed from the
    network.
  ◦ Mobility and security for secure, reliable wireless connectivity and consistent end-user experience.
    Increased network availability through proactive blocking of known threats.
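
The list above says DHCP snooping is used by other security features, and that IP source guard relies on a binding table of IP, MAC address, port, and VLAN. The following added example (a simplified Python model written for this page, not Cisco code or switch configuration) shows how one snooped binding table can drive both dynamic ARP inspection and IP source guard decisions. The class, method names, port names, and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: str
    vlan: int

class AccessSwitchModel:
    """Toy model of the shared binding table; not Cisco's implementation."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # ports facing the legitimate DHCP server
        self.table = {}                     # (port, vlan, ip) -> Binding

    def dhcp_ack(self, ingress_port, client_port, vlan, client_mac, ip):
        # DHCP snooping: server messages are accepted only on trusted ports,
        # and each accepted lease becomes a binding.
        if ingress_port not in self.trusted:
            return "drop"
        self.table[(client_port, vlan, ip)] = Binding(ip, client_mac.lower(), client_port, vlan)
        return "forward"

    def _matches(self, port, vlan, ip, mac):
        b = self.table.get((port, vlan, ip))
        return b is not None and b.mac == mac.lower()

    def arp_inspect(self, port, vlan, sender_ip, sender_mac):
        # DAI: ARP packets on untrusted ports must match a snooped binding.
        ok = port in self.trusted or self._matches(port, vlan, sender_ip, sender_mac)
        return "forward" if ok else "drop"

    def source_guard(self, port, vlan, src_ip, src_mac):
        # IP source guard: the same lookup, applied to ordinary IP traffic.
        ok = port in self.trusted or self._matches(port, vlan, src_ip, src_mac)
        return "forward" if ok else "drop"

def demo():
    # Constructed sample events; port names, VLAN and addresses are made up.
    sw = AccessSwitchModel(trusted_ports={"Gi1/0/1"})
    return [
        sw.dhcp_ack("Gi1/0/1", "Gi1/0/10", 10, "00:11:22:33:44:55", "192.0.2.20"),   # real server
        sw.dhcp_ack("Gi1/0/11", "Gi1/0/10", 10, "00:11:22:33:44:55", "192.0.2.99"),  # rogue server
        sw.arp_inspect("Gi1/0/10", 10, "192.0.2.20", "00:11:22:33:44:55"),   # matches binding
        sw.arp_inspect("Gi1/0/11", 10, "192.0.2.20", "66:77:88:99:aa:bb"),   # claims another host's IP
        sw.source_guard("Gi1/0/11", 10, "192.0.2.20", "66:77:88:99:aa:bb"),  # spoofed source IP
        sw.source_guard("Gi1/0/10", 10, "192.0.2.20", "00:11:22:33:44:55"),  # legitimate host
    ]

if __name__ == "__main__":
    print(demo())
```

Because the rogue DHCP reply is dropped before it creates a binding, the later ARP and IP checks have nothing to match against on the untrusted port.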