Cisco Systems 2960 manual Feature Benefit, Vlan

Page 7

Feature

Benefit

 

IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or

 

unauthorized state of the port.

 

IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC

 

addresses, including those of the client.

 

IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest

 

VLAN.

 

Port-based ACLs for Layer 2 interfaces allow application of security policies on individual switch ports.

 

Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.

 

Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not

 

already learned how to forward.

 

SSHv2 and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP

 

sessions. SSHv2 and the cryptographic version of SNMPv3 require a special cryptographic software image

 

because of U.S. export restrictions.

 

Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure intrusion

 

detection system (IDS) to take action when an intruder is detected.

 

TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users

 

from altering the configuration.

 

MAC address notification allows administrators to be notified of users added to or removed from the network.

 

DHCP snooping allows administrators to ensure consistent mapping of IP to MAC addresses. This can be used

 

to prevent attacks that attempt to poison the DHCP binding database, and to rate-limit the amount of DHCP

 

traffic that enters a switch port.

 

DHCP Interface Tracker (Option 82) feature augments a host IP address request with the switch port ID.

 

Port security secures the access to an access or trunk port based on MAC address.

 

After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device

 

to connect to the same port.

 

Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is present and to disable

 

the trust setting if the IP phone is removed, thereby preventing a malicious user from overriding prioritization

 

policies in the network.

 

Multilevel security on console access prevents unauthorized users from altering the switch configuration.

 

The user-selectable address-learning mode simplifies configuration and enhances security.

 

BPDU Guard shuts down Spanning Tree Protocol PortFast-enabled interfaces when BPDU’s are received

 

to avoid accidental topology loops.

 

Spanning-Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from

 

becoming Spanning Tree Protocol root nodes.

 

IGMP filtering provides multicast authentication by filtering out no subscribers and limits the number of

 

concurrent multicast streams available per port.

 

Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server (VMPS)

 

client functions to provide flexibility in assigning ports to VLANs. Dynamic VLAN helps enable the fast

 

assignment of IP addresses.

 

Cisco Network Assistant software security wizards ease the deployment of security features for restricting user

 

access to a server as well as to a portion of or the entire network.

 

Up to 512 (Aces) are supported, with two profiles: Security (384 Security ACL entries and 128 QoS policies),

 

and QoS (128 Security ACL entries and 384 QoS polices).

© 2005 Cisco Systems, Inc. All rights reserved.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.

Page 7 of 16

Image 7
Contents Product Overview ConfigurationsIntelligence in the Network Gigabit EthernetEnhanced Security Advanced QOS Availability and ScalabilityManagement Ease of Use and Deployment Features and Benefits of Cisco Catalyst 2960 SeriesFeature Superior Redundancy for Fault BackupQoS and Control Advanced QoS Networkwide Security FeaturesGranular Rate Limiting Vlan Feature BenefitCisco Network ManageabilitySpecification Cisco Catalyst 2960 Series Switch HardwareDescription Description Specification Power Specifications for Cisco Catalyst 2960 Series Switch Standards ManagementService and Support Features Benefits Safety and ComplianceService and Support Cisco Services and Support ProgramsPart Numbers Description Ordering InformationCWDM-SFP-1590= CWDM-SFP-1530=CWDM-SFP-1550= CWDM-SFP-1570=
Related manuals
Manual 94 pages 14.25 Kb Manual 108 pages 14.27 Kb Manual 28 pages 25.34 Kb

2960 specifications

Cisco Systems 2960 series switches are a prominent solution in the networking landscape, known for their reliability, scalability, and feature-rich offerings. Ideal for small to medium-sized enterprises, these switches provide a robust foundation for network infrastructure, ensuring optimal performance and connectivity.

One of the standout features of the Cisco 2960 series is its Layer 2 switching capabilities. The switches support multiple VLANs (Virtual Local Area Networks), allowing network administrators to segment traffic efficiently and enhance security protocols. This is crucial in modern networks where managing traffic and isolating sensitive information is a priority.

The Cisco 2960 series also incorporates advanced Quality of Service (QoS) features, enabling the prioritization of critical applications and services. This functionality ensures that time-sensitive data, such as voice and video traffic, maintains a high quality of service even in congested networks. With support for IEEE 802.1p and DSCP marking, administrators can fine-tune their network performance to meet specific organizational needs.

Power over Ethernet (PoE) is another significant characteristic of the Cisco 2960 series. This feature allows switches to deliver electrical power alongside data over Ethernet cables to devices such as IP phones, wireless access points, and surveillance cameras. With PoE, organizations can reduce clutter from power cables and increase deployment flexibility for various devices.

In terms of security, the Cisco 2960 series is equipped with a range of integrated security features. The switch supports port security, 802.1X authentication, and Access Control Lists (ACLs), providing robust defenses against unauthorized access and potential network vulnerabilities. These security measures are essential for protecting sensitive data and ensuring compliance with industry regulations.

Moreover, the Cisco 2960 series offers enhanced network management capabilities with Cisco's Intelligent Network Services. This includes support for Simple Network Management Protocol (SNMP), Cisco Prime, and Embedded Event Manager (EEM), allowing for efficient monitoring, troubleshooting, and policy enforcement across the network.

Additionally, the Cisco 2960 switches provide various models and configurations, catering to different networking needs. Options include models with varying port densities, uplink configurations, and stacking capabilities, making it easy for organizations to choose solutions that align perfectly with their requirements.

In summary, the Cisco 2960 series is a versatile and essential component of modern networking environments. Its advanced features, including Layer 2 support, QoS, PoE, robust security, and diverse management tools, make it an excellent choice for organizations looking to build a strong and secure network infrastructure.