© 2004 Cisco Systems, Inc. All rights reserved. 
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com. 
 
 
deliver intelligent network services across any combination of wired and wireless infrastructures. Refer to the Cisco Catalyst 2950 LRE Series Data 
Sheet for more information. 

INTELLIGENCE IN THE NETWORK

Networks of today are evolving to address four new developments at the network edge: 
•  Increase in desktop computing power 
•  Introduction of bandwidth-intensive applications 
•  Expansion of highly sensitive data on the network 
•  Presence of multiple device types, such as IP phones and LAN access points 
 
These new demands are contending for resources with many existing mission-critical applications. As a result, IT professionals must view the edge 
of the network as critical to effectively manage the delivery of information and applications. 
As companies increasingly rely on the network as the strategic business infrastructure, it is more important than ever to ensure its high availability, 
security, scalability, and control. By adding Cisco intelligent functions to the wiring closet, customers can now deploy network-wide intelligent 
services that address these requirements in a consistent way, from the desktop to the core and through the WAN. 
With Cisco Catalyst switches, Cisco enables companies to realize the full benefits of adding intelligent services into their networks. Capabilities that 
make the network infrastructure highly available to accommodate time-critical needs, scalable to accommodate growth, secure enough to protect 
confidential information, and capable of differentiating and controlling traffic flows are critical to further optimizing network operations. 

Network Security Through Advanced Security Features

Cisco Catalyst 2950 Series switches offer enhanced data security through several security features. These features allow customers to enhance 
LAN security with capabilities to secure network management traffic through the protection of passwords and configuration information; to provide 
options for network security based on users, ports, and MAC addresses; and to enable more immediate reactions to intruder and hacker detection. 
These enhancements are available free of charge by downloading the latest software release for the Cisco Catalyst 2950 Series. 
Secure Shell version 2 (SSHv2) and Simple Network Management Protocol version 3 (SNMPv3) guard administrative information against eavesdropping 
and tampering by encrypting it as it passes over the network. Private VLAN Edge 
isolates ports on a switch, ensuring that traffic travels directly from the entry point to the aggregation device through a virtual path and cannot be 
directed to another port. Local Proxy Address Resolution Protocol (ARP) works in conjunction with Private VLAN Edge to minimize broadcasts 
and maximize available bandwidth. 
Port-based Access Control Parameters (ACPs) restrict sensitive portions of the network by denying packets based on source and destination MAC 
addresses, IP addresses, or TCP/UDP ports. ACP lookups are done in hardware; therefore, forwarding performance is not compromised when 
implementing this type of security in the network. In addition, Time-based Access Control Lists (ACLs) allow configuration of differentiated 
services based on time periods. ACLs can also be applied to filter traffic based on Differentiated Services Code Point (DSCP) values. Port security 
provides another means to ensure that the appropriate user is on the network, by limiting access based on MAC addresses. 
For authentication of users with a Terminal Access Controller Access Control System (TACACS+) or RADIUS server, 802.1x provides port-level 
security. 802.1x, in conjunction with a RADIUS server, allows for dynamic port-based user authentication. 802.1x-based user authentication can 
be extended to dynamically assign a VLAN based on a specific user, regardless of where they connect on the network. With 802.1x with Guest 
VLAN, guests are allowed access to the Internet via the Guest VLAN but cannot access the customer’s internal network. This intelligent adaptability 
allows IT departments to offer greater flexibility and mobility to their stratified user populations. By combining access control and user profiles with 
secure network connectivity, services, and applications, enterprises can more effectively manage user mobility and drastically reduce the overhead 
associated with granting and managing access to network resources.