Datasheet
© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Enhanced Work Space Experience for End Users
Borderless Security
The Cisco Catalyst compact switches provide superior Layer 2 threat defense capabilities for mitigating
man-in-the-middle attacks (such as MAC, IP, and ARP spoofing). TrustSec, a primary element of Borderless Security
Architecture, helps enterprise customers secure their networks, data and resources with policy-based access
control, identity and role-aware networking, pervasive integrity, and confidentiality.
Borderless security is enabled by the following feature sets in the Cisco Catalyst 3560-C and 2960-C Series
compact switches:
● Threat defense
● Cisco TrustSec
● Other advanced security features
Threat Defense
Cisco Integrated Security Features are an industry-leading solution available on Cisco Catalyst switches that
proactively protects your critical network infrastructure. Delivering powerful, easy-to-use tools to effectively prevent
the most common and potentially damaging Layer 2 security threats, Cisco Integrated Security Features provide
robust security throughout the network. Cisco Integrated Security Features include Port Security, DHCP Snooping,
Dynamic ARP Inspection, and IP Source Guard.
● Port Security secures access to an access or trunk port based on MAC address. It limits the number of
learned MAC addresses to deny MAC address flooding.
● DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus
addresses. This feature is used by other primary security features to prevent a number of other attacks
such as ARP poisoning.
● Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting
the insecure nature of the ARP protocol.
● IP Source Guard prevents a malicious user from spoofing or taking over another user's IP address by
creating a binding table between the client's IP and MAC address, port, and VLAN.
Cisco TrustSec
TrustSec secures access to the network, enforces security policies, and delivers standards-based security solutions
such as 802.1X, enabling secure collaboration and policy compliance. TrustSec capabilities reflect Cisco thought
leadership, innovations, and commitment to customer success. These new capabilities include:
● IEEE 802.1AE MACsec with prestandard 802.1X-REV key management: industry's first fixed switches with
prestandard 802.1X-REV key management. Available on Cisco Catalyst 3560-C Series Switches, MACsec
provides Layer 2, line-rate Ethernet data confidentiality and integrity on host-facing ports, protecting against
man-in-the-middle attacks (snooping, tampering, and replay).
● Flexible authentication that supports multiple authentication mechanisms including 802.1X, MAC
Authentication Bypass, and web authentication using a single, consistent configuration.
● Open mode that creates a user-friendly environment for 802.1X operations.