Carrier Access Catalyst 3750 Series User Manual

Page 7

Advertising
background image

Cisco Systems, Inc.

All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.

Page 7 of 18

Granular rate limiting

• Cisco Committed Information Rate (CIR) function guarantees bandwidth in

increments as low as 8 Kbps.

• Rate limiting is provided based on source and destination IP address, source and

destination MAC address, Layer 4 TCP/UDP information, or any combination of
these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy
maps.

• Asynchronous data flows upstream and downstream from the end station or on

the uplink are easily managed using ingress policing and egress shaping.

• Up to 64 aggregate or individual policers are available per Fast Ethernet or

Gigabit Ethernet port.

Security

Network-wide security
features

• IEEE 802.1x allows dynamic, port-based security, providing user authentication.

• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a

specific user regardless of where the user is connected.

• IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN

irrespective of the authorized or unauthorized state of the port.

• IEEE 802.1x and port security are provided to authenticate the port and manage

network access for all MAC addresses, including that of the client.

• IEEE 802.1x with an ACL assignment allows for specific identity-based security

policies regardless of where the user is connected.

• IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited

network access on the Guest VLAN.

• Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows

to be bridged within VLANs.

• Cisco standard and extended IP security Router ACLs (RACLs) define security

policies on routed interfaces for control-plane and data-plane traffic.

• Port-based ACLs (PACLs) for Layer 2 interfaces allow security policies to be

applied on individual switch ports.

• Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management

Protocol Version 3 (SNMPv3) provide network security by encrypting
administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the
cryptographic version of SNMPv3 require a special cryptographic software image
due to U.S. export restrictions.

• Private VLAN Edge provides security and isolation between switch ports, which

helps ensure that users cannot snoop on other users’ traffic.

• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco

Secure Intrusion Detection System (IDS) to take action when an intruder is
detected.

• Terminal Access Controller Access Control System Plus (TACACS+) and Remote

Authentication Dial-In User Service (RADIUS) authentication enable centralized
control of the switch and restrict unauthorized users from altering the
configuration.

• MAC address notification allows administrators to be notified of users added to

or removed from the network.

• Port security secures the access to an access or trunk port based on MAC address.

• After a specific timeframe, the aging feature removes the MAC address from the

switch to allow another device to connect to the same port.

Table 1

Product Features and Benefits

Feature

Benefit

Advertising
Popular Brands
Popular manuals