Intelligence In The Network; Network Security Through Advanced Security Features - Cisco Catalyst 2950 Datasheet

Intelligence in the Network

Networks of today are evolving to address four new developments at the network edge:
• Increase in desktop computing power
• Introduction of bandwidth-intensive applications
• Expansion of highly sensitive data on the network
• Presence of multiple device types, such as IP phones and wireless LAN access points
These new demands are contending for resources with many existing mission-critical applications. As a result, IT
professionals must view the edge of the network as critical to effectively manage the delivery of information and
applications.
As companies increasingly rely on networks as the strategic business infrastructure, it is more important than ever to
ensure their high availability, security, scalability and control. By adding Cisco intelligent functionality to the wiring
closet, customers can now deploy network-wide intelligent services that address these requirements in a consistent
way from the desktop to the core and through the WAN.
With Cisco Catalyst Intelligent Ethernet switches, Cisco enables companies to realize the full benefits of adding
intelligent services into their networks. Deploying capabilities that make the network infrastructure highly available to
accommodate time-critical needs, scalable to accommodate growth, secure enough to protect confidential information,
and capable of differentiating and controlling traffic flows are key to further optimizing network operations.

Network Security through Advanced Security Features

The Cisco Catalyst 2950 LRE Series switches offer enhanced data security through a wide range of security features.
These features allow customers to enhance LAN security with capabilities to secure network management traffic
through the protection of passwords and configuration information; to provide options for network security based
on users, ports and MAC addresses; and to enable more immediate reactions to intruder and hacker detection. The
security enhancements are available free-of-charge by downloading the latest software release for the Catalyst 3550
and 2950 switches.
Secure Shell (SSH) and Simple Network Management Protocol version 3 (SNMPv3) with encryption protect
information from being tampered with or eavesdropped by encrypting information being passed along the network,
thereby guarding administrative information. To use these features, the crypto (encrypted) Catalyst 2950 LRE
software image must be installed on your switch.
Private VLAN Edge isolates ports on a switch, ensuring that traffic travels directly from the entry point to the
aggregation device through a virtual path and cannot be directed to another port. Local Proxy Address Resolution
Protocol (ARP) works in conjunction with private VLAN edge to minimize broadcasts and maximize available
bandwidth.
Port-based Access Control Parameters (ACPs) restrict sensitive portions of the network by denying packets based
on source and destination MAC addresses, IP addresses, or TCP/UDP ports. ACP lookups are done in hardware;
therefore, forwarding performance is not compromised when implementing this type of security in the network. In
addition, Time-based ACLs allow configuration of differentiated services based on time periods. ACLs can also be
applied to filter traffic based on DSCP values. Port security provides another means to ensure the appropriate user
is on the network by limiting access based on MAC addresses. For authentication of users with a Terminal Access
All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Cisco Systems, Inc.
Page 3 of 19