Data Sheet
© 2011–2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Security

| Feature | Description |
| --- | --- |
| SSH | SSH is a secure replacement for Telnet traffic. SCP also uses SSH. SSH versions 1 and 2 are supported. |
| SSL | Secure Sockets Layer (SSL) encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI in the switch. |
| IEEE 802.1X (Authenticator role) | RADIUS authentication and accounting, MD5 hash, guest VLAN, unauthenticated VLAN, single/multiple host mode and single/multiple sessions. Supports time-based 802.1X. Dynamic VLAN assignment. |
| STP BPDU Guard | A security mechanism to protect the networks from invalid configurations. A port enabled for Bridge Protocol Data Unit (BPDU) Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops. |
| STP Root Guard | This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes. |
| DHCP snooping | Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as a DHCP Server. |
| IP Source Guard (IPSG) | When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP Address Spoofing. |
| Dynamic ARP Inspection (DAI) | The switch discards ARP packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination address in the ARP packet. This prevents man-in-the-middle attacks. |
| IP/Mac/Port Binding (IPMB) | The features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) above work together to prevent DoS attacks in the network, thereby increasing network availability. |
| Secure Core Technology (SCT) | Ensures that the switch will receive and process management and protocol traffic no matter how much traffic is received. |
| Secure Sensitive Data (SSD) | A mechanism to manage sensitive data (such as passwords, keys, etc.) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plaintext or encrypted is provided according to the user configured access level and the access method of the user. |
| Layer 2 isolation (PVE) with community VLAN* | Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic; supports multiple uplinks. |
| Port security | Ability to lock Source MAC addresses to ports, and limit the number of learned MAC addresses. |
| RADIUS/TACACS+ | Supports RADIUS and TACACS authentication. Switch functions as a client. |
| RADIUS accounting | The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session. |
| Storm control | Broadcast, multicast, and unknown unicast. |
| DoS prevention | Denial-of-Service (DoS) attack prevention. |
| Congestion avoidance | A TCP congestion avoidance algorithm is required to minimize and prevent global TCP loss synchronization. |
| Multiple user privilege levels in CLI | Levels 1, 7, and 15 privilege levels. |
| ACLs | Support for up to 2K (2048) rules on 500 Series and 3K (3072) on 500X series. Drop or rate limit based on source and destination MAC, VLAN ID or IP address, protocol, port, DSCP/IP precedence, TCP/User Datagram Protocol (UDP) source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, Internet Group Management Protocol (IGMP) packets, TCP flag. Time-based ACLs supported. |

Quality of Service

| Feature | Description |
| --- | --- |
| Priority levels | 8 hardware queues |
| Scheduling | Strict Priority and weighted round-robin (WRR) |
| Class of service | Port based; 802.1p VLAN priority based; IPv4/v6 IP precedence/ToS/DSCP based; DiffServ; classification and re-marking ACLs, Trusted QoS. Queue assignment based on differentiated services code point (DSCP) and class of service (802.1p/CoS). |
| Rate limiting | Ingress policer; egress shaping and ingress rate control; per VLAN, per port, and flow based |










