Cisco GLC-ZX-SM-RGD= Техническое Руководство
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 6 of 13
Category
Feature/Benefit
Availability and scalability
● Virtual LANs (VLANs) allow for logical segmentation for a network for optimal use of bandwidth.
● 802.1q trunking
● QoS classifies and prioritizes data, guaranteeing determinism for mission-critical data.
● IGMPv3 snooping provides fast client joins and leaves of multicast streams and limits bandwidth-intensive
● 802.1q trunking
● QoS classifies and prioritizes data, guaranteeing determinism for mission-critical data.
● IGMPv3 snooping provides fast client joins and leaves of multicast streams and limits bandwidth-intensive
traffic to only the requestors. An additional querier allows this operation in a Layer 2 only environment.
● IGMP filtering provides multicast authentication by filtering out no subscribers and limits the number of
concurrent multicast streams available per port.
● Per-port broadcast, multicast, and unicast storm control prevents faulty end stations from degrading overall
systems performance.
● IEEE 802.1d Spanning Tree Protocol support for redundant backbone connections and loop-free networks
simplifies network configuration and improves fault tolerance.
● EtherChannel LACP support for quick recovery and bandwidth utilization
● FlexLinks for fast recovery
● Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, failsafe routing topologies.
● Resilient Ethernet Protocol, scalable up to 130 nodes with a very fast convergence, 50ms.
● FlexLinks for fast recovery
● Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, failsafe routing topologies.
● Resilient Ethernet Protocol, scalable up to 130 nodes with a very fast convergence, 50ms.
Security
● IEEE 802.1x with VLAN assignment, guest VLAN, and voice VLAN allows dynamic port-based security,
providing user authentication.
● Port-based ACLs for Layer 2 interfaces allow application of security policies on individual switch ports.
● MAC address filtering prevents the forwarding of any type of packet with a matching MAC address.
● Secure Shell (SSH) Protocol v2 and SNMPv3 provide network security by encrypting administrator traffic
● MAC address filtering prevents the forwarding of any type of packet with a matching MAC address.
● Secure Shell (SSH) Protocol v2 and SNMPv3 provide network security by encrypting administrator traffic
during Telnet and SNMP sessions. SSHv2 and the cryptographic version of SNMPv3 require a special
cryptographic software image because of U.S. export restrictions.
cryptographic software image because of U.S. export restrictions.
● TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized
users from altering the configuration.
● MAC address notification allows administrators to be notified of users added to or removed from the network.
● Dynamic Host Configuration Protocol (DHCP) snooping allows administrators to help ensure consistent
● Dynamic Host Configuration Protocol (DHCP) snooping allows administrators to help ensure consistent
mapping of IP to MAC addresses. This can be used to prevent attacks that attempt to poison the DHCP
binding database and to rate limit the amount of DHCP traffic that enters a switch port.
binding database and to rate limit the amount of DHCP traffic that enters a switch port.
● DHCP Interface Tracker (Option 82) augments a host IP address request with the switch port ID.
● Port security secures the access to an access or 802.1q trunk port based on MAC address.
● After a specific time frame, the aging feature removes the MAC address from the switch to allow another
● Port security secures the access to an access or 802.1q trunk port based on MAC address.
● After a specific time frame, the aging feature removes the MAC address from the switch to allow another
device to connect to the same port.
● Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is present and to disable
the trust setting if the IP phone is removed, thereby preventing a malicious user from overriding prioritization
policies in the network.
policies in the network.
● Up to 512 ACLs are supported, with two profiles: Security (384 Security ACL entries and 128 QoS policies)
and QoS (128 Security ACL entries and 384 QoS polices).
● Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-
plane and data-plane traffic.
● Dynamic ARP Inspection helps ensure user integrity by preventing malicious users from exploiting the
insecure nature of the ARP protocol.
● DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out bogus addresses.
This feature is used by other primary security features to prevent a number of other attacks such as ARP
poisoning.
poisoning.
● IP source guard prevents a malicious user from spoofing or taking over another user's IP address by creating
a binding table between client's IP and MAC address, port, and VLAN.
● Support for private VLANs and SXP (SGT Exchange Protocol)
High-performance IP routing
● Inter-VLAN IP routing for full Layer 3 routing between 2 or more VLANs.
● Basic IP unicast routing protocols (static, Routing Information Protocol Version 1 [RIPv1], RIPv2 and RIPng).
● Advanced IP unicast routing protocols (Open Shortest Path First [OSPF], Interior Gateway Routing Protocol
● Basic IP unicast routing protocols (static, Routing Information Protocol Version 1 [RIPv1], RIPv2 and RIPng).
● Advanced IP unicast routing protocols (Open Shortest Path First [OSPF], Interior Gateway Routing Protocol
[IGRP], Enhanced IGRP [EIGRP], Border Gateway Protocol Version 4 [BGPv4], and Intermediate System-to-
Intermediate System [IS-IS]) are supported for load balancing and constructing scalable LANs.
Intermediate System [IS-IS]) are supported for load balancing and constructing scalable LANs.
● Protocol Independent Multicast (PIM) for IP multicast routing is supported, including PIM sparse mode (PIM-
SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode.
● Cisco Express Forwarding hardware routing architecture delivers extremely high-performance IP routing.
● IPv6 routing (OSPFv6 and EIGRPv6) support in hardware for maximum performance.
● Policy-based routing (PBR) allows superior control by facilitating flow redirection regardless of the routing
● IPv6 routing (OSPFv6 and EIGRPv6) support in hardware for maximum performance.
● Policy-based routing (PBR) allows superior control by facilitating flow redirection regardless of the routing
protocol configured.
● HSRP provides dynamic load balancing and failover for routed links; up to 32 HSRP links supported per unit.
● Support for 1000 multicast groups.
● VRF-Lite virtualization
● Support for 1000 multicast groups.
● VRF-Lite virtualization