Datasheet

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 17 of 37
Switches, MACsec provides Layer 2, line-rate Ethernet data confidentiality and integrity on host-facing ports, protecting against man-in-the-middle attacks (snooping, tampering, and replay).
● FIPS 140-2 validated for devices used in government and sensitive environments for extremely high levels of data security.
● Flexible authentication that supports multiple authentication mechanisms, including 802.1X, MAC Authentication Bypass, and web authentication, using a single, consistent configuration.
● Open mode that creates a user-friendly environment for 802.1X operations.
● Integration of device profiling technology and guest access handling with Cisco switching to significantly improve security while reducing deployment and operational challenges.
● RADIUS Change of Authorization and downloadable ACLs for comprehensive policy management capabilities.
● 802.1X Supplicant with Network Edge Access Transport (NEAT) enables extended secure access where compact switches in the conference rooms have the same level of security as switches inside the locked wiring closet.
Other Advanced Security Features
Other advanced security features include, but are not limited to:
● Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multiaccess-like segment.
● Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users' traffic.
● The Unicast Reverse Path Forwarding (RPF) feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
● Multidomain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on the appropriate voice and data VLANs.
● Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
● Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
● Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
● Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
● Bidirectional data support on the Switched Port Analyzer (SPAN) port allows Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
● MAC Address Notification allows administrators to be notified of users added to or removed from the network.