Datasheet
Cisco Systems, Inc.
All contents are Copyright © 1992–2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 6 of 13
Feature Benefit
addresses.
Switch Security
• Control Plane Protection prevents DoS attacks on the CPU.
• Secure Shell (SSH) Protocol, Kerberos, and SNMPv3 provide network security by encrypting
administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version
of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
• Port security secures the access to an access or trunk port based on MAC address. After a specific
timeframe, the aging feature removes the MAC address from the switch to allow another device to
connect to the same port.
• Multilevel security on the console access prevents unauthorized users from altering the switch
configuration.
• TACACS+ and RADIUS authentication facilitate centralized control of the switch and restrict
unauthorized users from altering the configuration.
• Configuration File Protection helps ensure that only authenticated users have access to the
configuration file.
Network Security
• Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within
VLANs.
• Port-based ACLs for Layer 2 interfaces allow for application of security policies on individual switch
ports.
• MAC address notification allows administrators to be notified of users added to or removed from the
network.
• IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number
of concurrent multicast streams available per port.
Network Monitoring
• Remote Switched Port Analyzer (RSPAN) allows for remote monitoring of the user interface.
• Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Intrusion
Detection System (IDS) to take action when an intruder is detected.
Manageability
Superior Manageability • The Cisco IOS CLI provides a common user interface and command set with all Cisco routers and
Cisco Catalyst desktop switches.
• Service Assurance Agent (SAA) provides service-level management throughout the LAN.
• VLAN trunks can be created from any port, using standards-based 802.1Q tagging. Up to 1005 VLANs
per switch and up to 128 spanning-tree instances per switch are supported.
• Four thousand VLAN IDs are supported.
• RSPAN allows administrators to remotely monitor ports in a Layer 2 switch network from any other
switch in the same network.
• For enhanced traffic management, monitoring, and analysis, the embedded Remote Monitoring
(RMON) software agent supports four RMON groups (history, statistics, alarms, and events).
• Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from
source to destination.
• All nine RMON groups are supported through a SPAN port, permitting traffic monitoring of a single
port, a group of ports, or the entire stack from a single network analyzer or RMON probe.
• Domain Name System (DNS) provides IP-address resolution with user-defined device names.
• Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by
downloading from a centralized location.
• Network Timing Protocol (NTP) provides an accurate and consistent time stamp to all intranet
switches.










