HP (Hewlett-Packard) 6600 SERIES Switch User Manual

• ICMP throttling: defeats ICMP denial-of-service attacks by enabling any switch port to automatically throttle ICMP traffic
• Virus throttling: detects traffic patterns typical of worm-type viruses and either throttles or entirely prevents the ability of the virus to spread across the routed VLANs or bridged interfaces, without requiring external appliances
• STP BPDU port protection: blocks Bridge Protocol Data Units (BPDUs) on ports that do not require BPDUs, preventing forged BPDU attacks
• Dynamic IP lockdown: works with DHCP protection to block traffic from unauthorized hosts, preventing IP source address spoofing
• DHCP protection: blocks DHCP packets from unauthorized DHCP servers, preventing denial-of-service attacks
• Dynamic ARP protection: blocks ARP broadcasts from unauthorized hosts, preventing eavesdropping or theft of network data
• USB Secure Autorun: deploys, diagnoses, and updates the switch using a USB flash drive; works with a secure credential to prevent tampering
• STP Root Guard: protects the root bridge from malicious attacks or configuration mistakes
• Management Interface Wizard: CLI-based step-by-step configuration tool that helps ensure management interfaces such as SNMP, telnet, SSH, SSL, Web, and USB are secured to the desired level
• Access control lists (ACLs): provide filtering based on the IP field, source/destination IP address/subnet, and source/destination TCP/UDP port number on a per-VLAN or per-port basis
• Multiple user authentication methods:
    • Multiple IEEE 802.1X users per port: provides authentication of multiple IEEE 802.1X users per port; prevents a user "piggybacking" on another user's IEEE 802.1X authentication
    • Web-based authentication: authenticates from a Web browser for clients that do not support an IEEE 802.1X supplicant; customized remediation can be processed on an external Web server
    • MAC-based authentication: the client is authenticated with the RADIUS server based on the client's MAC address
    • Concurrent IEEE 802.1X, Web, and MAC authentication schemes per port: a switch port accepts up to 32 sessions of IEEE 802.1X, Web, and MAC authentication
• Switch CPU protection: provides automatic protection against malicious network traffic trying to shut down the switch
• Identity-driven ACL: enables implementation of a highly granular and flexible access security policy specific to each authenticated network user
• Secure Sockets Layer (SSL): encrypts all HTTP traffic, allowing secure access to the browser-based management GUI in the switch
• Security banner: displays a customized security policy when users log in to the switch
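To show how three of the features above fit together (DHCP protection populates a binding table that dynamic IP lockdown and dynamic ARP protection then consult), here is an added Python model written for this page; it is illustrative code, not HP firmware or any documented 6600 API, and the trusted-port rule, the (VLAN, MAC) table key, and all ports and addresses are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    """One DHCP lease as learned by the switch (constructed model, not HP's data structure)."""
    mac: str
    ip: str
    vlan: int
    port: str

class SnoopingTable:
    """Binding table shared by DHCP protection, dynamic IP lockdown and dynamic ARP protection."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # ports facing the legitimate DHCP server (assumed model)
        self.bindings = {}                  # (vlan, mac) -> Binding

    def learn_from_dhcp_ack(self, server_port, client_mac, ip, vlan, client_port):
        # DHCP protection: a server reply arriving on an untrusted port is dropped,
        # so a rogue server can never populate the table.
        if server_port not in self.trusted:
            return False
        mac = client_mac.lower()
        self.bindings[(vlan, mac)] = Binding(mac, ip, vlan, client_port)
        return True

    def source_allowed(self, sender_mac, sender_ip, vlan, port):
        # Dynamic ARP protection checks the ARP sender fields; dynamic IP lockdown
        # checks the IP source fields. Both ask the same question: does this
        # MAC/IP pair hold a lease on this VLAN via this port?
        if port in self.trusted:
            return True
        b = self.bindings.get((vlan, sender_mac.lower()))
        return b is not None and b.ip == sender_ip and b.port == port

def demo():
    """Constructed scenario: port 1 is the uplink to the real DHCP server."""
    t = SnoopingTable(trusted_ports={"1"})
    t.learn_from_dhcp_ack("1", "aa:bb:cc:00:00:01", "10.0.0.11", 10, "5")
    rogue = t.learn_from_dhcp_ack("7", "aa:bb:cc:00:00:02", "10.0.0.12", 10, "6")
    return {
        "rogue_ack_learned": rogue,                                                    # False
        "legit_host":   t.source_allowed("aa:bb:cc:00:00:01", "10.0.0.11", 10, "5"),  # True
        "spoofed_ip":   t.source_allowed("aa:bb:cc:00:00:01", "10.0.0.1", 10, "5"),   # False
        "wrong_port":   t.source_allowed("aa:bb:cc:00:00:01", "10.0.0.11", 10, "6"),  # False
        "unknown_host": t.source_allowed("aa:bb:cc:00:00:02", "10.0.0.12", 10, "6"),  # False
    }

if __name__ == "__main__":
    print(demo())
```

The point for a defender is that all three protections are only as good as the trusted-port assignment: if a port facing user equipment is marked trusted, its DHCP replies and ARP traffic bypass every check.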
Multicast support
• IP multicast routing (requires Premium License): includes PIM Sparse and Dense modes to route IP multicast traffic
• IP multicast snooping (data-driven IGMP): automatically prevents flooding of IP multicast traffic
Quality of Service (QoS)
• Layer 4 prioritization: enables prioritization based on TCP/UDP port numbers
• Class of Service (CoS): sets the IEEE 802.1p priority tag based on IP address, IP Type of Service (ToS), L3 protocol, TCP/UDP port number, source port, and DiffServ
• Bandwidth shaping:
    • Port-based rate limiting: per-port ingress/egress enforced maximum bandwidth
    • Classifier-based rate limiting: uses an ACL to enforce maximum bandwidth for ingress traffic on each port
    • Guaranteed minimum: per-port, per-queue egress-based guaranteed minimum bandwidth
• Advanced classifier-based QoS: classifies traffic using multiple match criteria based on L2/L3/L4 information; applies QoS policies such as setting priority level and rate limit to selected traffic per port or per VLAN
• Traffic prioritization: allows real-time traffic classification into eight priority levels mapped to eight queues