Manualshelf

Datasheet

ManualsBrandsCisco ManualsNetworkingMGBBX1
12345678910
© 2011–2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 16
Data Sheet
Feature Description
Multicast TV VLAN Multicast TV VLAN allows the single multicast VLAN to be shared in the network while subscribers
remain in separate VLANs (Also known as MVR)
Q-in-Q VLAN VLANs transparently cross a service provider network while isolating traffic among customers
Generic VLAN Registration
Protocol (GVRP)/Generic Attribute
Registration Protocol (GARP)
Protocols for automatically propagating and configuring VLANs in a bridged domain
Dynamic Host Configuration
Protocol (DHCP) Relay at Layer 2
Relay of DHCP traffic to DHCP server in different VLAN. Works with DHCP Option 82
Internet Group Management
Protocol (IGMP) versions 1, 2, and
3 snooping
IGMP limits bandwidth-intensive multicast traffic to only the requesters; supports 1K multicast
groups (source-specific multicasting is also supported)
IGMP Querier IGMP querier is used to support a Layer 2 multicast domain of snooping switches in the absence of
a multicast router
Head-of-line (HOL) blocking HOL blocking prevention
Jumbo Frames Up to 9K (9216) bytes
Layer 3
IPv4 routing Wirespeed routing of IPv4 packets
Up to 512 static routes and up to 128 IP interfaces
Classless Inter-Domain Routing
(CIDR)
Support for CIDR
DHCP relay at Layer 3 Relay of DHCP traffic across IP domains
User Datagram Protocol (UDP)
relay
Relay of broadcast information across Layer 3 domains for application discovery or relaying of
BootP/DHCP packets
DHCP Server Switch functions as an IPv4 DHCP Server serving IP addresses for multiple DHCP pools/scopes
Security
Secure Shell (SSH) Protocol SSH is a secure replacement for Telnet traffic. SCP also uses SSH. SSH v1 and v2 are supported
Secure Sockets Layer (SSL) SSL support: Encrypts all HTTPS traffic, allowing highly secure access to the browser-based
management GUI in the switch
IEEE 802.1X
(Authenticator role)
802.1X: RADIUS authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN,
single/multiple host mode and single/multiple sessions
Supports time-based 802.1X
Dynamic VLAN assignment
STP Bridge Protocol Data Unit
(BPDU) Guard
A security mechanism to protect the network from invalid configurations. A port enabled for BPDU
Guard is shut down if a BPDU message is received on that port.
STP Root Guard This prevents edge devices not in the network administrator’s control from becoming Spanning Tree
Protocol root nodes.
DHCP snooping Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted
interfaces. This prevents rogue devices from behaving as a DHCP Server.
IP Source Guard (IPSG) When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if
the source IP addresses of the packets have not been statically configured or dynamically learned
from DHCP snooping. This prevents IP Address Spoofing.
Dynamic ARP Inspection (DAI) The switch discards ARP packets from a port if there is no static or dynamic IP/MAC bindings or if
there is a discrepancy between the source or destination address in the ARP packet. This prevents
man-in-the-middle attacks.
IP/Mac/Port Binding (IPMB) The features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) above work
together to prevent DOS attacks in the network, thereby increasing network availability.
Secure Core Technology (SCT) Ensures that the switch will receive and process management and protocol traffic no matter how
much traffic is received.
Secure Sensitive Data (SSD) A mechanism to manage sensitive data (such as passwords, keys, etc) securely on the switch,
populating this data to other devices, and secure autoconfig. Access to view the sensitive data as
plaintext or encrypted is provided according to the user configured access level and the access
method of the user.
Layer 2 isolation Private VLAN
Edge (PVE) with community VLAN
PVE (also known as protected ports) provides Layer 2 isolation between devices in the same VLAN,
supports multiple uplinks.
Port security The ability to lock Source MAC addresses to ports, and limits the number of learned MAC
addresses.