Datasheet
© 2004 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Feature Benefit
policies in the network.
• Switch Port Analyzer (SPAN) for Cisco Secure Intrusion Detection System (IDS) support allows the IDS to take
action when an intruder is detected.
• The user-selectable address-learning mode simplifies configuration and enhances security.
• Cisco CMS Software Security Wizards ease the deployment of security features for restricting user access to a server,
a portion of the network, or the network as a whole.
Network Administration Security
• TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users
from altering the configuration. Multilevel security on console access prevents unauthorized users from altering the
switch configuration.
• SSH, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP
sessions. SSH, Kerberos, and the crypto version of SNMPv3 require a special crypto software image due to US
export restrictions.
User and Device Authentication
• IEEE 802.1x for dynamic port-based security to prevent unauthorized clients from gaining access to the network.
• Port Security secures access to a port based on the MAC address of a user's device. The aging feature removes the
MAC address from the switch after a specific timeframe to allow another device to connect to the same port, thereby
eliminating administrative overhead associated with this feature.
Granular Access Control and Identity-based Network Services
• Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within
VLANs.
• Cisco standard and extended IP security Router ACLs (RACLs) for defining security policies on routed interfaces
for control plane and data plane traffic.
• Port-based ACLs (PACLs) for Layer 2 interfaces allow security policies to be applied on individual switch ports.
• Time-based ACLs allow the implementation of security settings during specific periods of the day or days of the
week.
• 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is
connected.
• 802.1x with an ACL assignment allows for specific security policies based on a user regardless of where the user is
connected.
• 802.1x with voice VLAN to permit an IP phone access to the voice VLAN irrespective of the authorized or
unauthorized state of the port.
• 802.1x and port security for authenticating the port and managing network access for all MAC addresses, including
that of the client.
• Support for dynamic VLAN assignment through implementation of VLAN Membership Policy Server (VMPS)
client functionality provides flexibility in assigning ports to VLANs. Dynamic VLAN enables fast assignment
of IP addresses.
Tracking Users
• DHCP Interface Tracker (Option 82) provides capabilities to locate a user on a network by providing switch and port
ID to a DHCP server. MAC Address Notification allows administrators to be notified of new users added or removed
from the network. Support for CiscoWorks User Registration Tool and the User Tracker in CiscoWorks Campus
Manager both provide the ability to track the location of users.
Quality of Service/Control
Advanced Quality of Service
• 802.1p CoS and Differentiated Services Code Point (DSCP) field classification via marking and reclassification on
a per-packet basis using source/destination IP address, source/destination MAC address, or Layer 4 TCP/UDP port
number.
• Automatic QoS (Auto-QoS) greatly simplifies the configuration of QoS in VoIP networks by issuing interface and
global switch commands that allow the detection of Cisco IP phones, the classification of traffic, and egress queue
configuration.