Layer 2 Switching
|
Spanning Tree Protocol (STP)
|
Standard 802.1d Spanning Tree support
Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]), enabled by default
8 instances are supported
Multiple Spanning Tree instances using 802.1s (MSTP)
|
Port grouping
|
Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP)
- Up to 8 groups
- Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation
|
VLAN
|
Support for up to 4096 VLANs simultaneously Port-based and 802.1Q tag-based VLANs MAC-based VLAN
Management VLAN
Private VLAN Edge (PVE), also known as protected ports, with multiple uplinks
Guest VLAN Unauthenticated VLAN
Dynamic VLAN assignment via Radius server along with 802.1x client authentication
CPE VLAN
|
Voice VLAN
|
Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS.
Auto voice capabilities deliver network-wide zero touch deployment of voice endpoints and call control devices.
|
Multicast TV VLAN
|
Multicast TV VLAN allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs (Also known as MVR)
|
Q-in-Q VLAN
|
VLANs transparently cross a service provider network while isolating traffic among customers
|
Generic VLAN Registration Protocol (GVRP)/Generic Attribute Registration Protocol (GARP)
|
Protocols for automatically propagating and configuring VLANs in a bridged domain
|
Unidirectional Link Detection (UDLD)
|
UDLD monitors physical connection to detect unidirectional links caused by incorrect wiring or cable/port faults to prevent forwarding loops and blackholing of traffic in switched networks
|
Dynamic Host ConfigurationProtocol (DHCP) Relay at Layer 2
|
Relay of DHCP traffic to DHCP server in different VLAN. Works with DHCP Option 82
|
Internet Group ManagementProtocol (IGMP) versions 1, 2, and3 snooping
|
IGMP limits bandwidth-intensive multicast traffic to only the requesters; supports 1K multicast groups (source-specific multicasting is also supported)
|
IGMP Querier
|
IGMP querier is used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router
|
Head-of-line (HOL) blocking
|
HOL blocking prevention
|
Jumbo Frames
|
Up to 9K (9216) bytes
|
Layer 3
|
IPv4 routing
|
Wirespeed routing of IPv4 packets
Up to 512 static routes and up to 128 IP interfaces
|
Classless Inter-Domain Routing(CIDR)
|
Support for CIDR
|
Layer 3 Interface
|
Configuration of layer 3 interface on physical port, LAG, VLAN interface or Loopback interface
|
DHCP relay at Layer 3
|
Relay of DHCP traffic across IP domains
|
User Datagram Protocol (UDP)relay
|
Relay of broadcast information across Layer 3 domains for application discovery or relaying of BootP/DHCP packets
|
DHCP Server
|
Switch functions as an IPv4 DHCP Server serving IP addresses for multiple DHCP pools/scopes
Support for DHCP options
|
Security
|
Secure Shell (SSH) Protocol
|
SSH is a secure replacement for Telnet traffic. SCP also uses SSH. SSH v1 and v2 are supported
|
Secure Sockets Layer (SSL)
|
SSL support: Encrypts all HTTPS traffic, allowing highly secure access to the browser-based management GUI in the switch
|
IEEE 802.1X (Authenticator role)
|
802.1X: RADIUS authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN, single/multiple host mode and single/multiple sessions
Supports time-based 802.1X Dynamic VLAN assignment
|
Web Based Authentication
|
Web based authentication provides network admission control through web browser to any host devices and operating systems.
|
STP Bridge Protocol Data Unit(BPDU) Guard
|
A security mechanism to protect the network from invalid configurations. A port enabled for BPDU Guard is shut down if a BPDU message is received on that port.
|
STP Root Guard
|
This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
|
DHCP snooping
|
Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as a DHCP Server.
|
IP Source Guard (IPSG)
|
When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP Address Spoofing.
|
Dynamic ARP Inspection (DAI)
|
The switch discards ARP packets from a port if there is no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination address in the ARP packet. This prevents man-in-the-middle attacks.
|
IP/Mac/Port Binding (IPMB)
|
The features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) above work together to prevent DOS attacks in the network, thereby increasing network availability.
|
Secure Core Technology (SCT)
|
Ensures that the switch will receive and process management and protocol traffic no matter how much traffic is received.
|
Secure Sensitive Data (SSD)
|
A mechanism to manage sensitive data (such as passwords, keys, etc) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plaintext or encrypted is provided according to the user configured access level and the access method of the user.
|
Layer 2 isolation Private VLAN Edge (PVE) with community VLAN
|
PVE (also known as protected ports) provides Layer 2 isolation between devices in the same VLAN, supports multiple uplinks.
|
Port security
|
The ability to lock Source MAC addresses to ports, and limits the number of learned MAC
addresses.
|
RADIUS/TACACS+
|
Supports RADIUS and TACACS authentication. Switch functions as a client.
|
Storm control
|
Broadcast, multicast, and unknown unicast
|
RADIUS accounting
|
The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.
|
DoS prevention
|
Denial-of-Service (DOS) attack prevention
|
ACLs
|
Support for up to 512 rules
Drop or rate limit based on source and destination MAC, VLAN ID or IP address, protocol, port, differentiated services code point (DSCP)/IP precedence, TCP/UDP source and destination ports,
802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, TCP flag, Time-based ACLs supported.
|
Bạn đang cần tư vấn về sản phẩm: SF300-24 ?
Module quang SFP Cisco MGBSX1 sử dụng được cho Switch Cisco SF300-24 bạn nhé.Bạn quan tâm vui lòng để lại sđt bên mình sẽ gọi điện tư vấn cho bạn nhé.