© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 11 of 27
IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of
concurrent multicast streams available per port.
● ACLs:
  ◦ Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
  ◦ Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
  ◦ Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
● Device access:
  ◦ Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
  ◦ TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
  ◦ Multilevel security on console access prevents unauthorized users from altering the switch configuration.
● Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
● Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
● Wireless end-to-end security offers CAPWAP-compliant DTLS encryption to ensure that traffic between access points and controllers is encrypted across remote WAN/LAN links.
Resiliency
Borderless networks enable enterprise mobility and business-grade video services. The industry’s first unified network (wired plus wireless) location services enable tracking of mobile assets and the users of those assets for both wired and wireless devices. The true borderless experience is enabled by the following feature sets in the Cisco Catalyst 3650 Series Switches:
● High availability
● High-performance IP routing
● Superior QoS
High Availability
In addition to StackWise-160, the Cisco Catalyst 3650 Series supports high-availability features including but not
limited to the following:
● Cross-Stack EtherChannel provides the ability to configure Cisco EtherChannel technology across different members of the stack for high resiliency.
● Flexlink provides link redundancy with convergence time less than 100 ms.
● IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) provide rapid spanning-tree convergence independent of spanning-tree timers and also offer the benefit of Layer 2 load balancing and distributed processing. Stacked units behave as a single spanning-tree node.