Service Security Through Access Control Lists; Service Security Through Enhanced Security Features; Service Management Through Ie 2100 And Snmp - Cisco Catalyst 3550 Datasheet

Metro network scalability is also enhanced by the Cisco Catalyst 3550 Series support of 4,096 VLAN IDs and 1,005
active VLANs per switch. VLAN trunks can be created from any port using the standards-based 802.1Q or the Cisco
Inter-Switch Link (ISL) VLAN trunking architecture.
Service Security through Access Control Lists and Enhanced Security Features
The Cisco Catalyst 3550 Series offers enhanced data security through the use of access control lists (ACLs). By
denying packets based on source and destination MAC addresses, IP addresses, or TCP/UDP ports, users can be
restricted from sensitive portions of the network. Also, because all ACL lookups are done in hardware, forwarding
and routing performance is not compromised when implementing ACL-based security in the network. For superior
security management, the Cisco Catalyst 3550 Series supports standard and extended ACLs on VLANs, Layer 3
interfaces, as well as Layer 2 interfaces.
Service providers can also implement higher levels of security by enabling private VLAN edge. This feature provides
security and isolation between ports on a switch, ensuring that traffic travels directly from its entry point to the
aggregation device through a virtual path and cannot be directed to a different port. Local Proxy Address Resolution
Protocol (ARP) works in conjunction with private VLAN edge to minimize broadcasts and maximize
available bandwidth.
With the Cisco Catalyst 3550 Series, service providers can implement high levels of console security. Multilevel access
security on the switch console and the Web-based management interface prevents unauthorized users from accessing
or altering switch configuration. Terminal Access Controller Access Control System (TACACS+) and Remote
Authentication Dial-In User Service (RADIUS) authentication enable centralized access control of the switch and
restricts unauthorized users from altering the configuration.
Service providers are also able to enhance their network security by adding 802.1x port-based authentication for
authenticating individual customers, DHCP Interface Tracker (Option 82) for relaying customer identification
(switch and port ID) to a DHCP server, and port security with MAC address aging for limiting the concurrent MAC
addresses allowed per port.

Service Management through IE 2100 and SNMP

The Cisco Catalyst 3550 Series provides outstanding service management capabilities via Cisco IE 2100 Series
Intelligence Engine support and SNMP. Service providers will be able to integrate the Cisco Catalyst 3550 Series
seamlessly into their operations support systems (OSSs) and enable improved flow-through provisioning.
®
The Cisco IE 2100 Series network device allows service providers to effectively manage a network of Cisco IOS
Software devices, including the Cisco Catalyst 3550 Series. It is a completely self-contained unit that includes a
task-oriented Web graphic user interface (GUI), a programmable extensible markup language (XML) interface,
configuration template management, and an embedded repository. Network operators can use the Web GUI to
quickly turn existing Cisco IOS CLI configuration files into reusable templates. The Cisco IE 2100 Series integrates
easily into existing customer OSSs or business support systems (BSSs) and provisioning systems via its external
repository support and the event-based Cisco IOS XML interface that effectively "workflow-enables" Cisco
device deployment.
Service providers also can manage the Cisco Catalyst 3550 Series using Simple Network Management Protocol
(SNMP) version 2 and version 3, and the Telnet interface for comprehensive in-band management. A CLI-based
management console provides detailed out-of-band management.
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 6 of 20