Datasheet
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 16 of 37
●
Configuration management tools built from Cisco experience and Cisco Validated Design
recommendations
●
Monitoring and troubleshooting capabilities that incorporates Cisco hardware best practices and
diagnostics features
●
Automation in managing hardware inventories, security vulnerabilities (PSIRTS) and platform end-of-life
and support cycles
For detailed information about CiscoWorks LMS, go to
http://www.cisco.com/en/US/products/sw/cscowork/ps2425/index.html.
Borderless Security
The Cisco Catalyst 3750-X and 3560-X Series Switches provide superior Layer 2 threat defense capabilities for
mitigating man-in-the-middle attacks (such as MAC, IP, and ARP spoofing). TrustSec, a primary element of
Borderless Security Architecture, helps enterprise customers secure their networks, data and resources with
policy-based access control, identity and role-aware networking, pervasive integrity, and confidentiality. The
borderless security is enabled by the following feature sets in the Cisco Catalyst 3750-X and 3560-X Series
Switches:
●
Threat defense
●
Cisco TrustSec
●
Other advanced security features
Threat Defense
Cisco Integrated Security Features is an industry-leading solution available on Cisco Catalyst Switches that
proactively protects your critical network infrastructure. Delivering powerful, easy-to-use tools to effectively prevent
the most common and potentially damaging Layer 2 security threats, Cisco Integrated Security Features provides
robust security throughout the network. Cisco Integrated Security Features include Port Security, DHCP Snooping,
Dynamic ARP Inspection, and IP Source guard.
●
Port Security secures the access to an access or trunk port based on MAC address. It limits the number of
learned MAC addresses to deny MAC address-flooding.
●
DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus
addresses. This feature is used by other primary security features to prevent a number of other attacks
such as ARP poisoning.
●
Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting
the insecure nature of the ARP protocol.
●
IP source guard prevents a malicious user from spoofing or taking over another user’s IP address by
creating a binding table between the client’s IP and MAC address, port, and VLAN.
Cisco TrustSec
TrustSec secures access to the network, enforces security policies, and delivers standard based security solutions
such as 802.1X enabling secure collaboration and policy compliance. TrustSec capabilities reflect Cisco thought
leadership, innovations, and commitment to customer success. These new capabilities include:
●
IEEE 802.1AE MACsec with prestandard 802.1X-REV Key management: industry’s first fixed switches with
prestandard 802.1X-Rev key management. Available on Cisco Catalyst 3750-X and 3560-X Series