Cisco Catalyst 3850 WS-C3850-48P-E Data Sheet
Product codes
WS-C3850-48P-E
© 2013 Cisco and/or its affiliates. This document is Cisco Public Information.
◦ The Unicast Reverse Path Forwarding (RPF) feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
◦ Bidirectional data support on the SPAN port allows the Cisco intrusion detection system (IDS) to take action when an intruder is detected.
● User authentication:
◦ Flexible authentication that supports multiple authentication mechanisms, including 802.1X, MAC authentication bypass, and web authentication using a single, consistent configuration.
◦ RADIUS change of authorization and downloadable ACLs for comprehensive policy management capabilities.
◦ Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multiaccess-like segment. Private VLAN edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic.
◦ Multidomain authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on the appropriate voice and data VLANs.
◦ MAC address notification allows administrators to be notified of users added to or removed from the network.
◦ Mobility and security for secure, reliable wireless connectivity and consistent end-user experience. Increased network availability through proactive blocking of known threats.
◦ IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
● ACLs:
◦ Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
◦ Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
◦ Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
● Device access:
◦ Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
◦ TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
◦ Multilevel security on console access prevents unauthorized users from altering the switch configuration.
● Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.