Datasheet
3
Performance
•
Switch on a chip: provides highly integrated,
high-performance switch design with a non-blocking
architecture
•
Jumbo packet support: supports up to
9216-byte frame size to improve performance of
large data transfers (2520G switch)
Resiliency and high availability
•
Port trunking and link aggregation:
– Trunking: supports up to eight links per trunk to
increase bandwidth and create redundant
connections
– IEEE 802.3ad Link Aggregation Protocol
(LACP): eases configuration of trunks through
automatic configuration
•
IEEE 802.1s Multiple Spanning Tree
Protocol (MSTP): provides high link availability in
multiple VLAN environments by allowing multiple
spanning trees; provides legacy support for IEEE
802.1w (Rapid Reconfiguration of Spanning Tree
Protocol) and IEEE 802.1d (Spanning Tree Protocol)
Layer 2 switching
•
VLAN support and tagging: supports the IEEE
802.1Q (4,094 VLAN IDs) and up to 256
port-based VLANs simultaneously
•
GARP VLAN Registration Protocol (GVRP):
allows automatic learning and dynamic assignment
of VLANs
•
Broadcast control: allows limitation of broadcast
traffic rate to cut down on unwanted broadcast
traffic on the network
Security
•
Manager and operator privilege levels:
enables read-only (operator) and read-write
(manager) access on management interfaces
•
RADIUS/TACACS+ for management access
authentication: eases switch management
security administration by using a password
authentication server
•
Secure protocols for encryption of
management traffic:
– Secure Shell (SSHv2): encrypts all transmitted
data for secure, remote CLI access over IP
networks
– Secure Sockets Layer (SSL): encrypts all HTTP
traffic, allowing secure access to the
browser-based management GUI in the switch
– Simple Network Management Protocol
(SNMP) v3: allows encryption of traffic between
switch MIBs and network management software
– Secure FTP (SFTP): encrypts uploads and
downloads of configuration file
•
Protected ports: prevents designated ports from
communicating with each other while allowing
access to unprotected ports
•
Port security: allows access only to specified
MAC addresses, which can be learned or specified
by the administrator
•
MAC address lockout: prevents particular
configured MAC addresses from connecting to the
network
•
MAC address lockdown: allows only specified
MAC addresses access to the network on a
specified port
•
Denial-of-service (DoS) attack filtering:
automatically filters and drops common DoS attack
traffic types
•
User authentication for port access:
– IEEE 802.1X: utilizes an industry-standard user
authentication with an IEEE 802.1X supplicant on
the client in conjunction with a RADIUS server
– Web-based: similar to IEEE 802.1X, it provides
a browser-based environment to authenticate
clients
– MAC-based: client is authenticated with the
RADIUS server based on MAC address
– Concurrent authentication schemes: each
switch port will accept up to two sessions of IEEE
802.1X, Web, and/or MAC authentications
concurrently
•
Custom banner: displays security policy when
users log in to the switch
•
Spanning Tree Protocol Bridge Protocol
Data Unit (BPDU) port protection: blocks
BPDUs on ports that do not require BPDUs,
preventing forged BPDU attacks
•
Spanning Tree Protocol Root Guard: when
running the spanning tree protocol, protects root
bridge from malicious attack or configuration
mistakes