Specification Sheet
© 2021 Cisco and/or its affiliates. All rights reserved. Page 8 of 26
| Feature | Description |
| --- | --- |
| Dynamic Host Configuration Protocol (DHCP) relay at Layer 3 | Relay of DHCP traffic across IP domains |
| User Datagram Protocol (UDP) relay | Relay of broadcast information across Layer 3 domains for application discovery or relaying of Bootstrap Protocol (BootP)/DHCP packets |

Security

| Feature | Description |
| --- | --- |
| Secure Sockets Layer (SSL) | SSL encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI in the switch |
| Secure Shell (SSH) Protocol | SSH is a secure replacement for Telnet traffic. Secure Copy (SCP) also uses SSH. SSH v1 and v2 are supported. |
| IEEE 802.1X (authenticator role) | Remote Authentication Dial-In User Service (RADIUS) authentication, guest VLAN, single/multiple host mode, and single/multiple sessions |
| STP loopback guard | Provides additional protection against Layer 2 forwarding loops (STP loops) |
| Secure Core Technology (SCT) | Ensures that the switch will receive and process management and protocol traffic no matter how much traffic is received |
| Secure Sensitive Data (SSD) | A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plain text or encrypted is provided according to the user-configured access level and the access method of the user |
| Trustworthy systems | Trustworthy systems provide a highly secure foundation for Cisco products. Run-time defenses (Executable Space Protection [X-Space], Address Space Layout Randomization [ASLR], Built-In Object Size Checking [BOSC]) |
| Port security | Ability to lock source MAC addresses to ports and limit the number of learned MAC addresses |
| RADIUS | Supports RADIUS authentication for management access. Switch functions as a client. |
| Storm control | Broadcast, multicast, and unknown unicast |
| DoS prevention | Denial-of-Service (DoS) attack prevention |
| Multiple user privilege levels in CLI | Level 1, 7, and 15 privilege levels |
| Access Control Lists (ACLs) | Support for up to 512 rules. Drop or rate limit based on source and destination MAC, VLAN ID or IPv4 or IPv6 address, IPv6 flow label, protocol, port, Differentiated Services Code Point (DSCP)/IP precedence, TCP/UDP source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, TCP flag; ACL can be applied on both ingress and egress sides. Time-based ACLs supported |