© 2006 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 5 of 8
Feature
Cisco 36 Port Cisco
Ethernet Switching
Network Modules
Cisco Cisco EtherSwitch Service Modules
the EtherSwitch
Service Module
•
Basic IP unicast routing protocols (static, Routing Information Protocol Version 1 [RIPv1], and
RIPv2) are supported for small-network routing applications.
•
IPv6 routing support in hardware allows for maximum performance in the future (IPv6 routing
support requires Advanced IP Services Software).
•
Inter-VLAN IP routing enables full Layer 3 routing between two or more VLANs.
•
Advanced IP unicast routing protocols (Open Shortest Path First [OSPF], Interior Gateway
Routing Protocol [IGRP], Enhanced IGRP [EIGRP], and Border Gateway Protocol Version 4
[BGPv4]) are supported for load balancing and constructing scalable LANs (requires IP
Services Software).
Extended IEEE
802.1x Support
•
IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user,
regardless of where the user is connected; clients without 802.1x can have limited access via a
guest VLAN.
•
IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN, regardless of the
authorized or unauthorized state of the port.
•
IEEE 802.1x and port security are provided to authenticate the port and manage network
access for all MAC addresses, including that of the client.
•
IEEE 802.1x with an access control list (ACL) assignment allows for specific identity-based
security policies, regardless of where the user is connected.
Wire-Speed ACLs
•
Port-based ACLs allow security policies to be applied on individual switch ports.
•
IP ACLs can be processed directly on the Cisco EtherSwitch service module for inter-VLAN
traffic or traffic outbound from any VLAN interface without affecting the router CPU.
Dynamic Host
Control Protocol
(DHCP) Snooping
•
Prevents rogue devices from behaving as the DHCP server.
Dynamic Address
Resolution
Protocol (ARP)
Inspection (DAI)
•
Maintains a binding table containing IP and MAC address associations that have been
dynamically populated using DHCP snooping.
•
Helps to ensure the integrity of user and default gateway information such that traffic cannot be
captured.
IP Source Guard
•
Automatically configures a port ACL for the IP address, and adds the MAC address to the port
security list for the port. DHCP snooping allows learning and binding of IP address and MAC
address by the switch. Removes ACL and MAC entry when lease expires.
•
Prevents snooping of data or anonymous launching of attacks.
Port Security
•
Limits the number of MAC addresses that are able to connect to a switch and helps ensure that
only approved MAC addresses are able to access the switch.
•
Limits MAC flooding attacks, locks down ports, and sends a Simple Network Management
Protocol (SNMP) trap.
Simplified
Management
•
The user-selectable address learning mode simplifies configuration and enhances security.
•
Cisco Network Assistant Software security wizards ease the deployment of security features
for restricting user access to a server, as well as to a portion or all of the network.
