Datasheet
3
Resiliency and high availability
•
Separate data and control paths
increases security and performance
•
External redundant power supply
provides high reliability
•
Smart link
allows 50 ms failover between links
•
Spanning Tree/MSTP, RSTP
provides redundant links while preventing network loops
•
Port trunking
provides higher switch-to-switch throughput and link-level
redundancy, with support for standards-based link aggregation
(IEEE 802.3ad); supports up to 13 trunks, each with up to 8 links
(ports) per trunk
•
Device Link Detection Protocol (DLDP)
monitors link connectivity and shuts down ports at both ends if
unidirectional traffic is detected, preventing loops in STP-based
networks
Layer 2 switching
•
NEW PVST+ on v2 products
provides greater interoperability
•
8K MAC addresses
provide access to many Layer 2 devices
•
VLAN support and tagging
supports the IEEE 802.1Q, with 4,094 simultaneous VLAN IDs;
supports port-based VLANs, MAC-based VLANs, and protocol-based
VLANs
•
GARP VLAN Registration Protocol
allows automatic learning and dynamic assignment of VLANs
•
IEEE 802.1ad QinQ and Selective QinQ
increase the scalability of an Ethernet network by providing a
hierarchical structure; connect multiple LANs on a high-speed
campus or metro network
•
Gigabit Ethernet port aggregation
allows grouping of ports to increase overall data throughput to a
remote device
•
Internet Group Management Protocol (IGMP) and Multicast
Listener Discovery (MLD) protocol snooping
effectively control and manage the flooding of multicast packets in
a Layer 2 network
Layer 3 services
•
Address Resolution Protocol (ARP)
determines the MAC address of another IP host in the same subnet
•
Dynamic Host Configuration Protocol (DHCP)
simplifies the management of large IP networks and supports client
and server
•
Loopback interface address
defines an address in Routing Information Protocol (RIP) and OSPF
that can always be reachable, improving diagnostic capability
Security
•
Access control lists (ACLs)
provide IP Layer 2 to Layer 4 traffic filtering; support global ACL,
VLAN ACL, and IPv6 ACL
•
Multiple user authentication methods
– IEEE 802.1X
is an industry-standard method of user authentication using an
IEEE 802.1X supplicant on the client in conjunction with a RADIUS
server
– Web-based authentication
similar to IEEE 802.1X, it provides a browser-based environment
to authenticate clients that do not support the IEEE 802.1X
supplicant
– MAC-based authentication
authenticates the client with the RADIUS server based on the
client's MAC address
•
Identity-driven security and access control
– Per-user ACLs
permits or denies user access to specific network resources based
on user identity and time of day, allowing multiple types of users
on the same network to access specific network services without
risking network security or allowing unauthorized access to
sensitive data
– Automatic VLAN assignment
automatically assigns users to the appropriate VLAN based on
their identities
•
Secure management access
securely encrypts all access methods (CLI, GUI, or MIB) through
SSHv2, SSL, and/or SNMPv3
•
Secure FTP
allows secure file transfer to and from the switch; protects against
unwanted file downloads or unauthorized copying of a switch
configuration file
•
Guest VLAN
similar to IEEE 802.1X, it provides a browser-based environment to
authenticated clients
•
Endpoint Admission Defense (EAD)
provides security policies to users accessing a network
•
Port security
allows access only to specified MAC addresses, which can be learned
or specified by the administrator
•
Port isolation
secures and adds privacy, and prevents malicious attackers from
obtaining user information
•
STP BPDU port protection
blocks Bridge Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks