Manualshelf

Datasheet

ManualsBrandsCisco ManualsNetworkingWS-C3560X-24U-L
12345678910
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 37
4. Security Anomaly Detection by examining flows that do not traverse trust boundaries for inside the perimeter
attacks
5. Impacts of network and application changes
6. Compliance conformation
7. Traffic patterns for capacity planning
Enabling FNF at the access switch ensures you get all flows. The access switch is the most logical place in the
network for collecting statistics and monitoring all flows. With Netflow, you can obtain MAC-address and access
port information associated with the flow, to get directly to the source of the flow. Most collectors are able to
leverage the location based on MAC-address and interface port number provided by the access switch to the
collector. Thus by enabling FNF at the access switch you are able to get the location information of the flow. The
access switch has a variety of identity mechanism for user authentication and adding user awareness is the natural
progression that can be developed. Access switches are an order of magnitude greater than distribution and core
which makes them scale well for FNF and ensure there are no performance impacts of oversubscription at
aggregation and core.
10GB-T Module
The new Cisco 10G Base-T module is hot-swapable and can operate at either 10GE or GE speed (with manual
configuration).
Table 5 shows the cable types and supported lengths of the new Cisco 10G Base-T module.
Table 5. 10GB-T Cable Types and Supported Lengths
Cable Type
Supported Length
Category 7a
100 meters
Category 7
100 meters
Category 6
55 meters
Category 6a
*
100 meters
*
Category 6a requires 3db Insertion Loss margin at 250MHz.
MACsec
The Cisco Catalyst 3750-X and 3560-X Series Switches offer exceptional security with integrated hardware support
for MACsec defined in IEEE 802.1AE. MACsec provides MAC layer encryption over wired networks using out-of-
band methods for encryption keying. The MACsec Key Agreement (MKA) protocol provides the required session
keys and manages the keys required for encryption when configured. MKA and MACsec are implemented following
successful authentication using 802.1x Extensible Authentication Protocol (EAP) framework. In Cisco Catalyst
3750-X and 3560-X Series Switches both the user/down-link ports (links between the switch and endpoint devices
such as a PC or IP phone) and, using the service module, the network/up-link ports can be secured using MACsec.
With the service module you can encrypt switch to switch links such as access to distribution, or encrypt dark fiber
links within a building or between buildings.