
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 19
High-speed stack interconnects: Cost-effective 5G copper and high-speed 10G fiber and copper interfaces.
Hybrid stack: A mix of SF500, SG500, and SG500X switches in the same stack (10/100, Gigabit, and 10 Gigabit).

Secure Shell (SSH): SSH is a secure replacement for Telnet for CLI management; SCP also runs over SSH. SSH versions 1 and 2 are supported. Because SSH version 1 has known protocol weaknesses, management access should be restricted to version 2 wherever the configuration allows it.
Secure Sockets Layer (SSL): SSL/TLS encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI on the switch.
IEEE 802.1X (Authenticator role): RADIUS authentication and accounting, MD5 hash, guest VLAN, unauthenticated VLAN, single/multiple host mode, and single/multiple sessions. Supports time-based 802.1X and dynamic VLAN assignment.
Web-based authentication: Provides network admission control through a web browser for any host device or operating system.
STP Bridge Protocol Data Unit (BPDU) Guard: A security mechanism that protects the network from invalid configurations. A port enabled for BPDU Guard is shut down if a BPDU is received on it, which prevents accidental topology loops through edge ports.
STP Root Guard: Prevents edge devices that are not under the network administrator's control from becoming the Spanning Tree Protocol root bridge.
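The two guards react to the same event, a received BPDU, in different ways: BPDU Guard disables the port outright, while Root Guard only blocks it for as long as the neighbour keeps claiming a better root. The following toy model is an added illustration of that behaviour and is not Cisco firmware code; the port names, bridge IDs and the BPDU contents are constructed for the example, and the model reduces a BPDU to the root bridge ID it advertises, ignoring path cost, timers and port roles.

```python
"""Toy model of STP BPDU Guard and Root Guard port states.

Added illustration, not Cisco firmware code. Port names, bridge IDs and the
BPDU contents are constructed; a received BPDU is reduced to the root bridge
ID it advertises (path cost, timers and port roles are ignored).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeId:
    priority: int   # 0..61440 in steps of 4096; lower wins the root election
    mac: str

    def key(self):
        # Bridge IDs compare first on priority, then on the MAC address.
        return (self.priority, int(self.mac.replace(":", ""), 16))


@dataclass
class Port:
    name: str
    bpdu_guard: bool = False     # edge port: no BPDU should ever arrive here
    root_guard: bool = False     # designated port: BPDUs allowed, but never a superior one
    state: str = "forwarding"    # forwarding | err-disabled | root-inconsistent


class Bridge:
    def __init__(self, bridge_id, ports):
        self.bridge_id = bridge_id
        self.root_id = bridge_id          # this bridge currently believes it is the root
        self.ports = {p.name: p for p in ports}
        self.log = []

    def receive_bpdu(self, port_name, advertised_root):
        """Apply the guards to one BPDU received on port_name; returns the port's new state."""
        port = self.ports[port_name]
        if port.state == "err-disabled":
            return port.state           # stays down until an administrator re-enables it
        if port.bpdu_guard:
            # BPDU Guard: any BPDU on an edge port shuts the port down.
            port.state = "err-disabled"
            self.log.append(f"{port.name}: BPDU received on BPDU Guard port, err-disabled")
            return port.state
        superior = advertised_root.key() < self.root_id.key()
        if port.root_guard:
            if superior:
                # Root Guard: the device behind this port tried to become root; block the port.
                port.state = "root-inconsistent"
                self.log.append(f"{port.name}: superior BPDU from {advertised_root.mac}, root-inconsistent")
            elif port.state == "root-inconsistent":
                # Superior BPDUs stopped; the port recovers on its own.
                port.state = "forwarding"
                self.log.append(f"{port.name}: recovered from root-inconsistent")
            return port.state
        if superior:
            # Unguarded port: the normal STP election accepts the better root.
            self.root_id = advertised_root
            self.log.append(f"{port.name}: new root {advertised_root.mac}")
        return port.state


def run_scenario():
    """Constructed events: a rogue hub on an edge port, a rogue switch on a downlink."""
    me = BridgeId(4096, "00:00:00:00:00:01")          # intended root of the campus
    sw = Bridge(me, [
        Port("gi1", bpdu_guard=True),                  # user-facing edge port
        Port("gi2", root_guard=True),                  # downlink to an access switch
        Port("gi24"),                                  # uplink with no guard configured
    ])
    r = {}
    # A consumer switch plugged into gi1 sends a BPDU: the port goes down.
    r["edge_port"] = sw.receive_bpdu("gi1", BridgeId(32768, "00:00:00:00:00:aa"))
    # A rogue switch with priority 0 on gi2 tries to take over the root role.
    r["rogue_root"] = sw.receive_bpdu("gi2", BridgeId(0, "00:00:00:00:00:bb"))
    r["root_unchanged"] = sw.root_id == me
    # The rogue is reconfigured and now advertises the legitimate root: gi2 recovers.
    r["recovered"] = sw.receive_bpdu("gi2", me)
    # The same priority-0 BPDU on an unguarded port wins the election (what Root Guard prevents).
    sw.receive_bpdu("gi24", BridgeId(0, "00:00:00:00:00:bb"))
    r["root_hijacked_without_guard"] = sw.root_id != me
    return r, sw.log
```

The last step is the practical check: without Root Guard on a downlink, any device advertising a lower bridge priority silently becomes root and pulls the whole tree's traffic through itself, which is why data sheets list Root Guard under security rather than under plain spanning-tree features.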
DHCP snooping: Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from acting as a DHCP server.
IP Source Guard (IPSG): When IP Source Guard is enabled on a port, the switch drops IP packets received on that port unless their source IP address has been statically configured or dynamically learned through DHCP snooping. This prevents IP address spoofing.
Dynamic ARP Inspection (DAI): The switch discards ARP packets received on a port if the sender IP/MAC pair has no static or dynamic binding, or if the sender address in the ARP payload does not match the source address of the frame carrying it. This prevents ARP-based man-in-the-middle attacks.
IP/Mac/Port Binding (IPMB): DHCP snooping, IP Source Guard, and Dynamic ARP Inspection share one IP/MAC/port binding table and work together to prevent spoofing and DoS attacks in the network, thereby increasing network availability.
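The three rows above describe one mechanism seen from three sides: DHCP snooping populates a binding table (and drops server messages that arrive on untrusted ports), and IP Source Guard and DAI consult that table before admitting IP and ARP traffic. The model below is an added illustration of that interplay and is not Cisco code; port names, MAC and IP addresses and the simplified DHCP message format are constructed for the example, and the switch records the port on which a client's DISCOVER/REQUEST was seen so that the server's ACK can be tied to that port.

```python
"""Simulation of DHCP snooping, IP Source Guard (IPSG) and Dynamic ARP Inspection (DAI)
sharing one IP/MAC/port binding table.

Added illustration, not Cisco code. The DHCP message format is reduced to a dict with
'op', 'chaddr' (client MAC) and 'yiaddr' (offered IP); ports, MACs and IPs are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: str
    vlan: int


class BindingSwitch:
    """Toy switch whose three features consult one binding table."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # uplinks / ports facing the real DHCP server
        self.bindings = {}                  # (vlan, ip) -> Binding
        self.client_port = {}               # client MAC -> port its DHCP request arrived on
        self.events = []

    def add_static_binding(self, ip, mac, port, vlan):
        self.bindings[(vlan, ip)] = Binding(ip, mac, port, vlan)

    def dhcp_snooping(self, port, vlan, src_mac, msg):
        """Filter one DHCP message; returns True if it is forwarded."""
        server_ops = {"OFFER", "ACK", "NAK"}
        if msg["op"] in server_ops:
            if port not in self.trusted:
                # Server-side message from an access port: a rogue DHCP server.
                self.events.append(f"DHCP {msg['op']} from untrusted {port}: dropped")
                return False
            if msg["op"] == "ACK":
                client = self.client_port.get(msg["chaddr"])
                if client is not None:
                    # The lease is confirmed: record who may use this IP, and where.
                    self.bindings[(vlan, msg["yiaddr"])] = Binding(msg["yiaddr"], msg["chaddr"], client, vlan)
                    self.events.append(f"learned {msg['yiaddr']}/{msg['chaddr']} on {client}")
            return True
        # Client message: the chaddr field must match the frame's source MAC.
        if port not in self.trusted and msg["chaddr"] != src_mac:
            self.events.append(f"DHCP {msg['op']} on {port}: chaddr mismatch, dropped")
            return False
        self.client_port[msg["chaddr"]] = port
        return True

    def ip_source_guard(self, port, vlan, src_ip, src_mac):
        """IP packet admitted on an untrusted port only if (ip, mac, port) is bound."""
        if port in self.trusted:
            return True
        b = self.bindings.get((vlan, src_ip))
        ok = b is not None and b.mac == src_mac and b.port == port
        if not ok:
            self.events.append(f"IPSG: {src_ip}/{src_mac} on {port} has no binding, dropped")
        return ok

    def arp_inspection(self, port, vlan, src_mac, sender_ip, sender_mac):
        """DAI: ARP sender MAC must equal the frame source MAC, and the pair must be bound."""
        if port in self.trusted:
            return True
        if sender_mac != src_mac:
            self.events.append(f"DAI: sender MAC {sender_mac} != frame source {src_mac} on {port}, dropped")
            return False
        b = self.bindings.get((vlan, sender_ip))
        ok = b is not None and b.mac == sender_mac and b.port == port
        if not ok:
            self.events.append(f"DAI: {sender_ip} is not bound to {sender_mac} on {port}, dropped")
        return ok


def run_scenario():
    """Constructed traffic: a real lease on gi1, a rogue server and spoofing on gi2."""
    sw = BindingSwitch(trusted_ports={"gi24"})        # gi24 leads to the real DHCP server
    alice, mallory, server = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:aa:bb:cc:dd:ee"
    r = {}
    # 1. Alice obtains 10.0.0.10 through the trusted uplink; the ACK creates the binding.
    sw.dhcp_snooping("gi1", 10, alice, {"op": "DISCOVER", "chaddr": alice, "yiaddr": "0.0.0.0"})
    sw.dhcp_snooping("gi24", 10, server, {"op": "OFFER", "chaddr": alice, "yiaddr": "10.0.0.10"})
    sw.dhcp_snooping("gi1", 10, alice, {"op": "REQUEST", "chaddr": alice, "yiaddr": "0.0.0.0"})
    sw.dhcp_snooping("gi24", 10, server, {"op": "ACK", "chaddr": alice, "yiaddr": "10.0.0.10"})
    r["binding_learned"] = (10, "10.0.0.10") in sw.bindings
    # 2. Mallory answers DHCP requests from an access port: the OFFER never leaves gi2.
    r["rogue_offer"] = sw.dhcp_snooping("gi2", 10, mallory, {"op": "OFFER", "chaddr": alice, "yiaddr": "10.0.0.99"})
    # 3. IPSG: Alice's own traffic passes; Mallory using Alice's IP from gi2 is dropped.
    r["alice_ip"] = sw.ip_source_guard("gi1", 10, "10.0.0.10", alice)
    r["spoofed_ip"] = sw.ip_source_guard("gi2", 10, "10.0.0.10", mallory)
    # 4. DAI: a gratuitous ARP that maps Alice's IP to Mallory's MAC (ARP poisoning) is dropped.
    r["alice_arp"] = sw.arp_inspection("gi1", 10, alice, "10.0.0.10", alice)
    r["poison_arp"] = sw.arp_inspection("gi2", 10, mallory, "10.0.0.10", mallory)
    # 5. A printer with a static address needs a static binding to be admitted by IPSG.
    sw.add_static_binding("10.0.0.20", "00:11:22:33:44:03", "gi3", 10)
    r["static_printer"] = sw.ip_source_guard("gi3", 10, "10.0.0.20", "00:11:22:33:44:03")
    return r, sw.events
```

Step 5 is the operational caveat that comes with IPSG on a real switch: any host that does not use DHCP (printers, servers, management cards) needs a static binding, otherwise the feature blocks it just as it blocks a spoofer.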
Secure Core Technology (SCT): Ensures that the switch CPU continues to receive and process management and control-protocol traffic regardless of how much traffic arrives at the switch.
Secure Sensitive Data (SSD): A mechanism for managing sensitive data (passwords, keys, and so on) securely on the switch, propagating that data to other devices, and performing secure autoconfiguration. Whether a user may view sensitive data in plaintext or only in encrypted form depends on the user's configured access level and access method.
Layer 2 isolation (PVE) with community VLAN *: Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users' traffic; supports multiple uplinks.
Port security: Ability to lock source MAC addresses to ports and to limit the number of learned MAC addresses.
RADIUS/TACACS+: Supports RADIUS and TACACS+ authentication. The switch functions as a client.
RADIUS accounting: The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.
Storm control: Broadcast, multicast, and unknown unicast.
DoS prevention: Denial-of-Service (DoS) attack prevention.
Multiple user privilege levels in CLI: Levels 1, 7, and 15.
Access control lists (ACLs): Support for up to 2K (2048) rules on the 500 Series and 3K (3072) on the 500X Series. Drop or rate limit based on source and destination MAC, VLAN ID or IP address, protocol, port, DSCP/IP precedence, TCP/User Datagram Protocol (UDP) source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, Internet Group Management Protocol (IGMP) packets, and TCP flags. Time-based ACLs are supported.
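What the ACL row lists are match fields and actions; what matters operationally is the evaluation order: the first active entry that matches decides, a time-based entry outside its window is skipped as if absent, and a packet that matches nothing hits the implicit deny at the end of the list. The evaluator below is an added illustration of those semantics and is not Cisco code; the rule syntax, the token-bucket policer standing in for the rate-limit action (modelled in packets per second rather than bandwidth), and all packets are constructed for the example.

```python
"""Evaluate a time-based ACL with permit, deny and rate-limit actions.

Added illustration, not Cisco code. Rule syntax, the token-bucket policer (packets
per second, not bandwidth) and all packets are constructed for the example; the
evaluator uses first-match semantics with an implicit deny at the end of the list.
"""
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional, Set, Tuple


@dataclass
class TokenBucket:
    """Policer: `rate_pps` tokens accrue per second, at most `burst` are stored."""
    rate_pps: float
    burst: int
    tokens: float = field(init=False)
    last: Optional[float] = field(default=None, init=False)

    def __post_init__(self):
        self.tokens = float(self.burst)

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate_pps)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


@dataclass
class Rule:
    action: str                                   # "permit" | "deny" | "rate-limit"
    proto: str = "any"                            # "tcp" | "udp" | "icmp" | "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    tcp_flags: Set[str] = field(default_factory=set)      # flags that must all be set
    time_range: Optional[Tuple[time, time]] = None        # active window, time of day
    policer: Optional[TokenBucket] = None

    def matches(self, pkt: dict) -> bool:
        if self.time_range and not (self.time_range[0] <= pkt["ts"].time() <= self.time_range[1]):
            return False                          # time-based entry outside its window is skipped
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.tcp_flags and not self.tcp_flags <= pkt.get("flags", set()):
            return False
        return True


def evaluate(acl, pkt: dict) -> str:
    """First matching active rule decides; rate-limit asks the policer; otherwise implicit deny."""
    for rule in acl:
        if not rule.matches(pkt):
            continue
        if rule.action == "rate-limit":
            return "permit" if rule.policer.allow(pkt["ts"].timestamp()) else "drop"
        return "permit" if rule.action == "permit" else "drop"
    return "drop"


def run_scenario():
    """Constructed ACL and traffic: Telnet blocked, SSH only in business hours, ICMP policed."""
    acl = [
        Rule("deny", proto="tcp", dst="10.0.0.5/32", dport=23),
        Rule("rate-limit", proto="icmp", policer=TokenBucket(rate_pps=2, burst=2)),
        Rule("permit", proto="tcp", dport=22, time_range=(time(8, 0), time(18, 0))),
        Rule("permit", proto="tcp", dport=80),
    ]
    noon = datetime(2014, 6, 2, 12, 0, 0)
    night = datetime(2014, 6, 2, 23, 0, 0)
    pkt = lambda **k: {"src": "10.0.1.7", "dst": "10.0.0.5", "flags": set(), **k}
    r = {}
    r["telnet"] = evaluate(acl, pkt(proto="tcp", dport=23, flags={"SYN"}, ts=noon))
    r["ssh_noon"] = evaluate(acl, pkt(proto="tcp", dport=22, flags={"SYN"}, ts=noon))
    r["ssh_night"] = evaluate(acl, pkt(proto="tcp", dport=22, flags={"SYN"}, ts=night))
    r["http"] = evaluate(acl, pkt(proto="tcp", dport=80, ts=night))
    # Five pings within the same second: the bucket holds two tokens, so three are policed.
    r["icmp"] = [evaluate(acl, pkt(proto="icmp", ts=noon)) for _ in range(5)]
    # One second later two tokens have accrued again.
    r["icmp_later"] = evaluate(acl, pkt(proto="icmp", ts=datetime(2014, 6, 2, 12, 0, 1)))
    return r
```

The SSH case shows the trap with time-based entries: outside the window the entry does not turn into a deny, it simply vanishes, so the packet is judged by whatever follows it, here the implicit deny. If a later permit-any entry existed, SSH would be allowed around the clock regardless of the time range.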
Scheduling: Strict priority and weighted round-robin (WRR).
Class of service: Port based; 802.1p VLAN priority based; IPv4/v6 IP precedence/ToS/DSCP based; DiffServ; classification and re-marking ACLs; trusted QoS. Queue assignment based on differentiated services code point (DSCP) and class of service (802.1p/CoS).
Rate limiting: Ingress policer; egress shaping and ingress rate control; per VLAN, per port, and flow based.