Datasheet

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
| Feature | Description |
| --- | --- |
| IEEE 802.1X (Authenticator role) | RADIUS authentication and accounting, MD5 hash, guest VLAN, unauthenticated VLAN, single/multiple host mode and single/multiple sessions. Supports time-based 802.1X. Dynamic VLAN assignment. |
| STP BPDU Guard | A security mechanism to protect the networks from invalid configurations. A port enabled for Bridge Protocol Data Unit (BPDU) Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops. |
| STP Root Guard | Prevents a port from being selected as a root port, effectively preventing bridges in the LAN segment connected to the port from being a root bridge. This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes. |
| DHCP snooping | Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as a DHCP Server. |
| IP Source Guard (IPSG) | When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP Address Spoofing. |
| Dynamic ARP Inspection (DAI) | The switch discards Address Resolution Protocol (ARP) packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination address in the ARP packet. This prevents man-in-the-middle attacks. |
| Secure Core Technology (SCT) | Helps ensure that the switch will receive and process management and protocol traffic no matter how much traffic is received. |
| Secure Sensitive Data (SSD) | A mechanism to manage sensitive data (such as passwords, keys, etc.) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plaintext or encrypted is provided according to the user-configured access level and the access method of the user. |
| Layer 2 isolation (PVE) with community VLAN* | Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic; supports multiple uplinks. |
| Port security | Ability to lock MAC addresses to ports, and limit the number of learned MAC addresses. |
| RADIUS/TACACS+ | Supports RADIUS and TACACS authentication. Switch functions as a client. |
| RADIUS accounting | The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session. |
| Storm control | Broadcast, multicast, and unknown unicast. |
| DoS prevention | DoS attack prevention. |
| Congestion avoidance | A TCP congestion avoidance algorithm is required to minimize and prevent global TCP loss synchronization. |
| Multiple user privilege levels in CLI | Levels 1, 7, and 15 privilege levels. |
| ACLs | Support for up to 3000 rules on 550X series. Drop or rate limit based on source and destination MAC, VLAN ID or IP address, protocol, port, DSCP/IP precedence, TCP/User Datagram Protocol (UDP) source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, Internet Group Management Protocol (IGMP) packets, and TCP flag. Time-based ACLs supported. |

Quality of Service

| Feature | Description |
| --- | --- |
| Priority levels | Four hardware queues (eight future) |
| Scheduling | Strict priority and weighted round-robin (WRR) |
| Class of service | Port based; 802.1p VLAN priority based; IPv4/v6 IP precedence/ToS/DSCP based; DiffServ; classification and re-marking ACLs, Trusted QoS. Queue assignment based on differentiated services code point (DSCP) and class of service (802.1p/CoS). |
| Rate limiting | Ingress policer; egress shaping and ingress rate control; per VLAN, per port, and flow based |