Network Management

Access Control (MAC) addresses, IP addresses, or Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) ports. ACL lookups are done in hardware—forwarding and routing performance is not compromised when implementing ACL-based security. An additional protection method is to use port security, which ensures the appropriate user is on the network by limiting access to the port based on MAC addresses.

Q. For security purposes, how can I monitor or track activities in my network?

A. Intrusion detection systems are tailored to monitor and track activities in a network. The Cisco Catalyst 3750 can complement this through features such as MAC address notification, which will send an alert to a management station so that network administrators know when and where users came on to the network and can take appropriate actions. The DHCP Interface Tracker (Option 82) feature will track where a user is physically connected on a network by providing both switch and port ID to a DHCP server.

Q. For security purposes, how do I protect administration passwords and traffic going to the switch during configuration or troubleshooting?

A. To protect administration traffic during the configuration or troubleshooting of a switch (such as passwords or device configuration settings), the best approach is to encrypt the data. Both SSH and SNMPv3 provide encryption of data during Telnet sessions and SNMP sessions.

Q. Do the Cisco Catalyst 3750 switches support Cisco Switch Clustering technology?

A. Yes, the Cisco Catalyst 3750 switches can be managed using the Web-based Cisco Cluster Management Suite (CMS) Software, which uses Cisco Switch Clustering technology. Cisco CMS is Web-based software that is embedded in Cisco Catalyst 3750, 3550, 2950, 3500 XL, 2900 XL, 2900 LRE XL, and 1900 switches. Through Cisco Switch Clustering technology, users access Cisco CMS with any standard Web browser to manage up to 16 of these switches at once, regardless of their geographic proximity with the option of using a single IP address if desired. With the addition of the Cisco Catalyst 3750 switches, Cisco CMS can now extend beyond routed boundaries for even more flexibility in managing a Cisco cluster.

Cisco CMS provides an integrated management interface for delivering intelligent services, enabling users to manage their entire LAN with one robust tool. By bringing the simplicity of traditional LAN switching to intelligent services such as multilayer switching, QoS, multicast, and security ACLs, Cisco CMS allows administrators to take advantage of benefits formerly reserved for only the most complex networks. The new Guide Mode in Cisco CMS leads the user step by step through the configuration of high-end features and provides enhanced online help for context-sensitive assistance. In addition, a Solution Wizard provides automated configuration of the switch for video streaming or videoconferencing. Future software will provide Solution Wizards for voice over IP (VoIP), mission-critical applications, and security.

Cisco CMS supports standards-based connectivity options such as Ethernet, Fast Ethernet, Fast EtherChannel®, Gigabit Ethernet, and Gigabit EtherChannel connectivity. Because Cisco Switch Clustering technology is not limited by proprietary stacking modules, stacking cables or interconnection media, Cisco CMS expands the traditional cluster domain beyond a single wiring closet and lets users mix and match interconnections to meet specific management, performance, and cost requirements.

Cisco Systems, Inc.

Page 7 of 10