Data Sheet
© 2008-2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 21
MAC address learning and aging
notifications
VRF-aware Services (ARP, Ping, SNMP,
HSRP, uRPF Syslog, Traceroute, FTP,
and TFTP)
Bidirectional Forwarding Detection (BFD)
for OSPF, IS-IS, BGP, HSRP, and
EIGRP
Comprehensive Security Solution
As Metro Ethernet networks expand, it is a challenge to provide the same level of security as other
access technologies. Cisco ME 3400 Series Switches provide a comprehensive security solution
for Ethernet access networks by addressing their security features to each of three areas:
subscriber, switch, and network security.
Subscriber security helps create protection among customers. A major concern in using a shared
device for multiple customers is how to prevent customers from affecting each other. The Cisco
ME 3400 Series addresses this concern with several different features. The UNI/NNI feature
creates a circuit-like behavior to separate customers’ traffic from each other. DHCP Snooping,
Dynamic ARP Inspection, and IP Source Guard help service providers identify each customer
based on MAC, IP address, and port information to help prevent malicious users from spoofing
fake addresses and launching man-in-the-middle attacks.
Switch security is about protecting the switch itself from attacks. The Cisco ME 3400 Series offers
features to protect CPU and configuration files from attacks. CPU is a critical component of an
Ethernet switch that is responsible for process-control protocols and routing updates; under DoS
attack, the CPU could drop those control packets, resulting in network outage. Other features such
as Configurable Control Plane Security and Storm Control protect the CPU against malicious
attacks. The Port Security feature allows service providers to control the number of MAC
addresses each subscriber is allowed, offering protection against overwhelming the switch
memory.
Network security features filter all incoming traffic to help ensure that only valid traffic is allowed
through the switch. Cisco ME 3400 Series Switches have features such as access control lists
(ACLs) and IEEE 802.1x authentication to identify the users and packets that are allowed to
transmit traffic through the switch.
Table 3 lists these and other key features of the security solution.
Table 3. Key Features for Each Area of Comprehensive Security Solution
Subscriber Security Switch Security Network Security
UNI default: No Local Switching Configurable Control Plane Security ACLs
DHCP Snooping and IP Source Guard Storm Control IEEE 802.1x
Dynamic ARP Inspection Port Security UNI default: Port Down
Private VLAN Configurable per VLAN MAC learning Configuration File Security
Service Management Options
The Cisco ME 3400 Series offers a superior command-line interface (CLI) for detailed
configuration. In addition, the switches support CiscoWorks, the Cisco CNS 2100 Series
Intelligence Engine, the Cisco IP Solution Center (ISC), and Simple Network Management Protocol
(SNMP) for networkwide management. Service providers can integrate the Cisco ME 3400 Series
transparently into their operations support systems (OSSs) and enable improved flow-through
provisioning.
To Next Page
Loading...
Need help?
General
