Datasheet
© 2015 Cisco and/or its affiliates. This document is Cisco Public Information. Page 13 of 30
●
Device access:
◦ Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3
(SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions.
SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic
software image because of U.S. export restrictions.
◦ TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts
unauthorized users from altering the configuration.
◦ Multilevel security on console access prevents unauthorized users from altering the switch configuration.
●
Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when
BPDUs are received to avoid accidental topology loops.
●
Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from
becoming Spanning Tree Protocol root nodes.
●
Wireless end-to-end security offers CAPWAP-compliant DTLS encryption to make sure of encryption
between access points and controllers across remote WAN/LAN links.
Resiliency
Borderless networks enable enterprise mobility and business-grade video services. Industry’s first unified network
(wired plus wireless) location services enable tracking of mobile assets and the users of those assets for both
wired plus wireless devices. The true borderless experience is enabled by the following feature sets in the Cisco
Catalyst 3850 Series Switches:
●
High availability
●
High-performance IP routing
●
Superior QoS
High Availability
In addition to StackWise-480 and StackPower, the Cisco Catalyst 3850 Series supports high-availability features
including but not limited to the following:
●
Cross-Stack EtherChannel provides the ability to configure Cisco EtherChannel technology across different
members of the stack for high resiliency.
●
Flexlink provides link redundancy with convergence time less than 100ms.
●
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) provides rapid spanning-tree convergence
independent of spanning-tree timers and also offers the benefit of Layer 2 load balancing and distributed
processing.
●
Per-VLAN Rapid Spanning Tree (PVRST+) allows rapid spanning-tree (IEEE 802.1w) reconvergence on a
per-VLAN spanning-tree basis, providing simpler configuration than MSTP. In both MSTP and PVRST+
modes, stacked units behave as a single spanning-tree node.
●
Switch-port autorecovery (“err-disable” recovery) automatically attempts to reactivate a link that is disabled
because of a network error.