Manualshelf

Datasheet

ManualsBrandsCisco ManualsNetworkingWS-C3750E-24PD-E
12345678910
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 7 of 22
DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out
bogus addresses. This feature is used by other primary security features to prevent a
number of other attacks such as ARP poisoning.
IP source guard prevents a malicious user from spoofing or taking over another user’s
IP address by creating a binding table between the client’s IP and MAC address, port,
and VLAN.
Private VLANs restrict traffic between hosts in a common segment by segregating traffic at
Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
Private VLAN Edge provides security and isolation between switch ports, which helps
ensure that users cannot snoop on other users’ traffic.
Unicast RPF feature helps mitigate problems caused by the introduction of malformed or
forged (spoofed) IP source addresses into a network by discarding IP packets that lack a
verifiable IP source address.
IEEE 802.1x allows dynamic, port-based security, providing user authentication.
IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user
regardless of where the user is connected.
IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of
the authorized or unauthorized state of the port.
IEEE 802.1x and port security are provided to authenticate the port and manage network
access for all MAC addresses, including that of the client.
IEEE 802.1x with an ACL assignment allows for specific identity-based security policies
regardless of where the user is connected.
IEEE 802.1x with guest VLAN allows guests without 802.1x clients to have limited network
access on the guest VLAN.
Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based
browser for authentication.
Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same
switch port while placing them on appropriate Voice and Data VLAN.
MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x
supplicant to get authenticated using the MAC address.
Cisco security VLAN ACLs on all VLANs prevents unauthorized data flows from being
bridged within VLANs.
Cisco standard and extended IP security router ACLs define security policies on routed
interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter
IPv6 traffic.
Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual
switch ports.
Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version
3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and
SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require
a special cryptographic software image because of U.S. export restrictions.
Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Intrusion
Detection System (IDS) to take action when an intruder is detected.