Data Sheet
© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Security
Networkwide security features
● IEEE 802.1x allows dynamic, port-based security, providing user authentication.
● IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
● IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.
● IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
● MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using their MAC address.
● Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
● Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not already learned how to forward.
● SSHv2 and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2 and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
● Bidirectional data support on the SPAN port allows the Cisco Secure Intrusion Detection System (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.
● MAC address notification allows administrators to be notified of users added to or removed from the network.
● Port security secures the access to an access or trunk port based on MAC address.
● After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.
● Multilevel security on console access prevents unauthorized users from altering the switch configuration.
● The user-selectable address-learning mode simplifies configuration and enhances security.
● BPDU Guard shuts down Spanning Tree Protocol PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
● Spanning-Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
● Voice VLAN-aware port security and BPDU Guard prevent disruption of voice VLAN traffic when security violations occur.
● IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
● Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server (VMPS) client functions to provide flexibility in assigning ports to VLANs. Dynamic VLAN helps enable the fast assignment of IP addresses.
● Cisco Network Assistant software security wizards ease the deployment of security features for restricting user access to a server as well as to a portion of or the entire network.

Table 3. Cisco Catalyst 2960 LAN Lite Switch Hardware
Description Specification
Performance
● 16-Gbps switching fabric (Cisco Catalyst 2960-8TC-S, Catalyst 2960-24-S, Catalyst 2960-24TC-S, Catalyst 2960-48TT-S, and Catalyst 2960-48TC-S)
● Forwarding rate based on 64-byte packets:
    Cisco Catalyst 2960-8TC-S: 2.7 Mpps
    Cisco Catalyst 2960-24-S: 3.6 Mpps
    Cisco Catalyst 2960-24TC-S: 6.5 Mpps
    Cisco Catalyst 2960-48TT-S: 10.1 Mpps
    Catalyst 2960-48TC-S: 10.1 Mpps
● 64-MB DRAM
● 32-MB flash memory
● Configurable up to 8000 MAC addresses
● Configurable up to 255 IGMP groups
● Configurable maximum transmission unit (MTU) of up to 9000 bytes, with a maximum Ethernet frame size of 9018 bytes (Jumbo Frames) for bridging on Gigabit Ethernet ports, and up to 1998 bytes for bridging of Multiprotocol Label Switching (MPLS) tagged frames on both 10/100 and 10/100/1000 ports