Datasheet
4
•
User Datagram Protocol (UDP) helper
function: allows UDP broadcasts to be directed
across router interfaces to specific IP unicast or
subnet broadcast addresses and prevents server
spoofing for UDP services such as DHCP
•
Route maps: provide more control during route
redistribution; allow filtering and altering of route
metrics
Layer 3 routing
•
IPv4 routing protocols: support static routes and
RIP
•
IPv6 routing protocols: provide routing of IPv6
at wire speed; support static routes and RIPng
•
Bidirectional Forwarding Detection (BFD):
enables link connectivity monitoring and reduces
network convergence time for VRRP, static routing,
and IRF
•
IPv6 tunneling: allows a smooth transition from
IPv4 to IPv6 by encapsulating IPv6 traffic over an
existing IPv4 infrastructure
Security
•
Access control lists (ACLs): provides IP Layer 2
to Layer 4 traffic filtering; supports VLAN ACL and
port ACL
•
Multiple user authentication methods:
– IEEE 802.1X: is an industry-standard method of
user authentication using an IEEE 802.1X
supplicant on the client in conjunction with a
RADIUS server
– Web-based authentication: similar to IEEE
802.1X, it provides a browser-based environment
to authenticate clients that do not support the IEEE
802.1X supplicant
– MAC-based authentication: client is
authenticated with the RADIUS server based on
the client's MAC address
•
Identity-driven security and access control:
– Per-user ACLs: permits or denies user access to
specific network resources based on user identity
and time of day, allowing multiple types of users
on the same network to access specific network
services without risk to network security or
unauthorized access to sensitive data
– Automatic VLAN assignment: automatically
assigns users to the appropriate VLAN based on
their identities
•
Secure management access: securely encrypts
all access methods (CLI, GUI, or MIB) through
SSHv2, SSL, and/or SNMPv3
•
Secure FTP: allows secure file transfer to and from
the switch; protects against unwanted file
downloads or unauthorized copying of a switch
configuration file
•
Guest VLAN: similar to IEEE 802.1X, it provides a
browser-based environment to authenticated clients
•
Endpoint Admission Defense (EAD): provides
security policies to users accessing a network
•
Port security: allows access only to specified
MAC addresses, which can be learned or specified
by the administrator
•
Port isolation: secures and adds privacy, and
prevents malicious attackers from obtaining user
information
•
STP BPDU port protection: blocks Bridge
Protocol Data Units (BPDUs) on ports that do not
require BPDUs, preventing forged BPDU attacks
•
STP Root Guard: protects the root bridge from
malicious attacks or configuration mistakes
•
DHCP protection: blocks DHCP packets from
unauthorized DHCP servers, preventing
denial-of-service attacks
•
Dynamic ARP protection: blocks ARP
broadcasts from unauthorized hosts, preventing
eavesdropping or theft of network data
•
IP Source Guard: filters packets on a per-port
basis, which prevents illegal packets from being
forwarded
•
RADIUS/HWTACACS: eases switch management
security administration by using a password
authentication server
•
Multiple Customer Edge (MCE): facilitates
MPLS VPN network integration with support for up
to 63 VPNs
Convergence
•
IEEE 802.1AB Link Layer Discovery Protocol
(LLDP): is an automated device discovery protocol
that provides easy mapping of network
management applications
•
LLDP-MED: is a standard extension that
automatically configures network devices, including
LLDP-capable IP phones
•
LLDP-CDP compatibility: receives and
recognizes CDP packets from Cisco's IP phones for
seamless interoperation
•
PoE allocations: support multiple methods
(automatic, IEEE 802.3af class, LLDP-MED, or user
specified) to allocate PoE power for more efficient
energy savings