Datasheet

Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Private VLAN edge provides security and isolation between ports on a switch, ensuring that
voice traffic travels directly from its entry point to the aggregation device through a virtual
path and cannot be directed to a different port.
Support for the 802.1x standard allows users to be authenticated, regardless of which LAN
port they are accessing, and provides unique benefits to customers who have a large base
of mobile (wireless) users accessing the network.
IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific
user, regardless of where the user is connected.
IEEE 802.1x with voice VLAN gives an IP phone access to the voice VLAN, regardless of
the authorized or unauthorized state of the port.
IEEE 802.1x with port security authenticates the port and manages network access for all
MAC addresses, including the clients’.
IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited
network access on the Guest VLAN.
SSHv2 and SNMPv3 provide network security by encrypting administrator traffic during
Telnet and SNMP sessions. SSHv2 and the crypto version of SNMPv3 require a special
crypto software image due to US export restrictions.
Port Security and unicast MAC filtering secure the access to a port based on MAC
addresses. The aging feature of port security removes the MAC address from the switch
after a specific timeframe to allow another device to connect to the same port. Unicast MAC
filtering allows non-IP packets to be filtered as well.
With unknown unicast/multicast port blocking, the switch will not flood packets with
unknown destination MAC addresses to all Ethernet ports. Unknown unicast/multicast port
blocking disables flooding on a per-port basis.
MAC address notification allows administrators to be notified of new users added or
removed from the network.
Spanning-tree root guard (STRG) prevents edge devices not in the network administrator’s
control from becoming Spanning-Tree Protocol root nodes.
The Spanning-Tree Protocol PortFast/bridge protocol data unit (BPDU) guard feature
disables access ports with Spanning-Tree Protocol PortFast enabled upon reception of a
BPDU, and increases network reliability, manageability, and security.
Multilevel console access security prevents unauthorized users from altering the switch
configuration.
TACACS+ and RADIUS authentication enables centralized control of the switch and restricts
unauthorized users from altering the configuration.
The user-selectable address-learning mode simplifies configuration and enhances security.
Trusted Boundary provides the ability to trust the QoS priority settings if a Cisco IP phone is
present and to disable the trust setting if the IP phone is removed, preventing a rogue user
from overriding prioritization policies in the network.
IGMP Filtering provides multicast authentication by filtering out nonsubscribers and limits
the number of concurrent multicast streams available per port.
Support for dynamic VLAN assignment through implementation of VLAN Membership
Policy Server (VMPS) client functionality provides flexibility in assigning ports to VLANs.
Dynamic VLAN enables fast assignment of IP addresses.
SPAN support allows Intrusion Detection Systems (IDSs) to monitor, repel, and report network
security violations.
Cisco Network Assistant Software Security Wizards ease the deployment of security
features for restricting user access to a server, a portion of the network or access to the
network.
QoS
Table 1 Product Features and Benefits
Feature Benefit