Cisco Catalyst 3560-48TS Brochure page 4

All contents are Copyright © 1992–2006, 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Secure Shell Protocol Version 2 (SSHv2) and Simple Network Management Protocol
●
Version 3 (SNMPv3) provide network security by encrypting administrator traffic-preventing
unauthorized users from accessing passwords or configuration information.
Access control lists (ACLs) can be used to restrict access to sensitive portions of the
●
network by denying packets based on source and destination MAC addresses, IP
addresses, or TCP/UDP ports. ACLs can be used to guard against denial-of-service (DoS)
and other attacks, and because ACL processing is done in hardware, forwarding
performance of the switch is not compromised when implementing ACL-based security.
Private VLAN edge provides security and isolation between ports on a switch, helping
●
ensure that voice traffic travels directly from its entry point to the aggregation device
through a virtual path and cannot be directed to a different port.
Port security can be used to limit access on an Ethernet port based on the MAC address
●
of the device that is connected to it. It also can be used to limit the total number of devices
plugged into a switch port, thereby reducing the risks of rogue wireless access points
or hubs.
MAC Address Notification can be used to monitor the network and track users by sending
●
an alert to a management station so that network administrators know when and where
users entered the network. The Dynamic Host Configuration Protocol (DHCP) Interface
Tracker (Option 82) feature tracks where a user is physically connected on a network by
providing both switch and port ID to a DHCP server. Additionally, the DHCP Snooping
Option 82 feature enables granular control over IP address assignment by a DHCP server
by augmenting a host IP address request so that the DHCP server can make a more
sophisticated address assignment.
TACACS+ or RADIUS authentication facilitates centralized access control of switches and
●
restricts unauthorized users from altering the configurations. Alternatively, a local username
and password database can be configured on the switch itself. Fifteen levels of
authorization on the switch console and two levels on the Web-based management
interface provide the ability to give different levels of configuration capabilities to different
administrators.
Redundancy
The Cisco Catalyst 3560 Series supports the following capabilities to optimize network availability,
so that users can access data at all times, locally and remotely:
Per VLAN Rapid Spanning Tree Plus (PVRST+) allows rapid spanning-tree reconvergence
●
on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree
instances.
Flex Links are a pair of Layer 2 interfaces (switch ports or port channels), where one
●
interface is configured to act as a backup to the other. This feature provides an alternative
solution to the Spanning Tree Protocol, allowing users to turn off Spanning Tree Protocol
and still provide basic link redundancy.
802.1s Multiple Spanning Tree Protocol facilitates load balancing and improves network
●
fault tolerance by providing multiple forwarding paths for data traffic. 802.1w Rapid
Spanning Tree Protocol provides rapid recovery of uplink connectivity following failure.
Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, failsafe
●
routing topologies.
Brochure
Page 4 of 8