Datasheet

Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
To guard against denial-of-service and other attacks, ACLs can be used to restrict access to sensitive portions of the
network, blocking unauthorized access to servers and applications, by denying packets based on source and
destination MAC addresses, IP addresses, or Transmission Control Protocol/User Datagram Protocol (TCP/UDP)
ports. ACL lookups are done in hardware, so forwarding performance is not compromised when implementing
ACL-based security.
Port security can be used to limit access on an Ethernet port based on the MAC address of the device that is connected
to it. It can also limit the total number of devices plugged into a switch port, reducing the risks of rogue wireless
access points or hubs.
Secure Shell (SSH), Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) encrypt
administrative and network management information, protecting the network from tampering or eavesdropping.
Terminal Access Controller Access Control System (TACACS+) and Remote Authentication Dial-In User Service (RADIUS)
authentication enable centralized access control of switches and restrict unauthorized users from altering the
configurations. Alternatively, a local username and password database can be configured on the switch itself. Fifteen
levels of authorization on the switch console and two levels on the Web-based management interface provide the
ability to give different levels of configuration capabilities to different administrators.
The MAC Address Notification feature can be used to monitor the network and track users by sending an alert to a
management station so that network administrators know when and where users entered the network. The Dynamic
Host Configuration Protocol (DHCP) Interface Tracker (Option 82) feature tracks where a user is physically
connected on a network by providing both the switch and the port ID to a DHCP server.
The Private VLAN Edge feature isolates ports on a switch, helping to ensure that traffic travels directly from the entry
point to the aggregation device through a virtual path and cannot be directed to another port.
High Availability
The Cisco Catalyst 2970 Series offers several high-availability features to reduce network downtime, maintain
mission-critical applications, and reduce total cost of ownership.
Enhancements to the standard Spanning-Tree Protocol, such as Per-VLAN Spanning-Tree Plus (PVST+), UplinkFast,
and PortFast maximize network uptime. PVST+ allows for Layer 2 load sharing on redundant links to efficiently use
the extra capacity inherent in a redundant design. UplinkFast, PortFast, and BackboneFast all greatly reduce the
standard 30-to-60-second Spanning-Tree Protocol convergence time. Loop Guard and Bridge Protocol Data
Unit (BPDU) Guard provide Spanning-Tree Protocol loop avoidance.
Customers can achieve maximum power availability for a converged voice and data network when a Cisco
Catalyst 2970 Series Switch is combined with the Cisco Redundant Power System (RPS) 675 for seamless protection
against internal power supply failures.
Advanced QoS
The Cisco Catalyst 2970 Series offers superior multilayer, granular QoS features to avoid congestion and help ensure
that network traffic is properly classified and prioritized. Configuration of QoS is greatly simplified through
Automatic QoS (AutoQoS), a feature that detects Cisco IP phones and automatically configures switches for the
appropriate classification and egress queuing. This optimizes traffic prioritization and network availability without
the challenge of complex configuration.