Cisco ME 3400E ME-3400EG-12CS-M Scheda Tecnica
Codici prodotto
ME-3400EG-12CS-M
Data Sheet
© 2008–2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 5 of 22
Reflectometer (TDR), the Cisco ME 3400E Series provides a comprehensive set of tools to help
service providers to manage Ethernet services.
Service Security
As Carrier Ethernet networks expand, it is a challenge to provide the same level of security as
other access technologies. Cisco ME 3400E Series switches provide a comprehensive security
solution for Ethernet access networks by providing service security in three areas: subscriber,
switch, and network.
Subscriber security helps create protection among customers. A major concern in using a shared
device for multiple customers is how to prevent customers from affecting each other. The Cisco
ME 3400E Series addresses this concern with several different features. The UNI/NNI feature
creates a circuit-like behavior to separate customers’ traffic from each other. DHCP Snooping,
Dynamic ARP Inspection, and IP Source Guard help service providers identify each customer
based on MAC, IP address, and port information to help prevent malicious users from spoofing
fake addresses and launching man-in-the-middle attacks.
Switch security is about protecting the switch itself from attacks. The Cisco ME 3400 Series offers
features to protect CPU and configuration files from attacks. CPU is a critical component of an
Ethernet switch that is responsible for process-control protocols and routing updates; under DoS
attack, the CPU could drop those control packets, resulting in network outage. Other features such
as Configurable Control Plane Security and Storm Control protect the CPU against malicious
attacks. The Port Security feature allows service providers to control the number of MAC
addresses each subscriber is allowed, offering protection against overwhelming the switch
memory.
Network security features filter all incoming traffic to help ensure that only valid traffic is allowed
through the switch. Cisco ME 3400E Series switches have features such as access control lists
(ACLs) and IEEE 802.1x authentication to identify the users and packets that are allowed to
transmit traffic through the switch.
Table 3 lists these and other key features of the security solution.
Table 3.
Key Features for Each Area of Comprehensive Security Solution
Subscriber Security
Switch Security
Network Security
UNI/ENI default: no local switching
Configurable control plane security
ACLs
DHCP Snooping and IP Source Guard
Storm Control
IEEE 802.1x
Dynamic ARP Inspection
Port security
UNI/ENI default: port down
Private VLAN
Configurable per-VLAN MAC learning
Configuration file security
Switch Management Options
The Cisco ME 3400E Series offers a superior command-line interface (CLI) for detailed
configuration. In addition, the switches support CiscoWorks and Simple Network Management
Protocol (SNMP) for networkwide management. Service providers can integrate the Cisco ME
3400 Series transparently into their operations support systems (OSSs) and enable improved flow-
through provisioning.
Service providers can also manage the Cisco ME 3400E Series using SNMP Versions 2 and 3. A
comprehensive set of MIBs is provided for service providers to collect traffic information in the
Cisco ME 3400E Series.