12
MODU LA R SWI TC HE S FIXE D- CO NF IG UR ATI ON S WI TC HE S
Catalyst 6500 Catalyst 4500 Catalyst 4900 Catalyst 3750 Catalyst 3560 Catalyst 2960 Catalyst 2950 Catalyst 2940 Catalyst
Express 500
LAN SWI TC HI NG F EAT UR ES contin ued
Layer 3 continued
H/W-based Policy Routing IPv4 • • • IP Services IP Services
H/W-based Policy Routing IPv6•Advanced IP
Services only
Advanced IP
Services only
Multiprotocol Routing (IPX, AppleTalk) • • •
Cisco Express Forwarding (CEF) • • • • •
H/W FIB Entries up to 1,000,000 up to 128,000 up to 128,000 up to 20,000 up to 11
,000
VRF Lite IP Services IP Ser vices IP Services IP Services IP Services
INTE GR ATE D SE CU RI TY
Access Control Lists
Reflexive ACL •
Port ACL • • • • • • EI only
Time-based ACL • • • • • • •
Router ACL • • • • •
VLAN ACL • • • • •
VACL with Redirect/Capture/
Logging of Denied Traffic • •*•*capture and
logging
capture and
logging
Context-based Access Control •
H/W-based Access Control Entry (ACE) Counters •
Order-dependent ACL Merge •
Dedicated Hardware Resources
for Security ACLs • • •
ACL Scalability (ACE entries) 32,000 32,000 32,000 2,000 2,000 512 300 ACP
—
EI only
Attack Mitigation
Control Plane Policing (Multiple CPU Rate Limiters) • • •
IP Source Guard • • • • •
DHCP Snooping/Option 82 • • • • • • • S I Option 82 only
Dynamic ARP Inspection • • • • •
MAC Address Notification • • • • • • • • •
Port Security • • • • • • • • •
H/W-based uRFP Check •
H/W-based MAC Learning •
H/W-assisted MAC Aging •
Cisco Catalyst Switches: FEATURE COMPARISON
*As part of IP ACL in VLAN MAP but not for the entire VACL.