Cisco Cisco IOS Software Release 15.2(3)E 發佈版本通知
7
Release Notes for Catalyst 2960-X and 2960-XR Series Switches, Cisco IOS Release 15.2(5)E and Later
OL-32568-01
Features of the Switch
–
Cisco Smart Install is a transparent plug-and-play technology that can configure the Cisco IOS
software image and switch configuration without user intervention. Smart Install uses dynamic
IP address allocation and the assistance of other switches to facilitate installation.
software image and switch configuration without user intervention. Smart Install uses dynamic
IP address allocation and the assistance of other switches to facilitate installation.
–
Cisco Auto Smartports provide automatic configuration as devices connect to the switch port,
allowing auto detection and plug and play of the device onto the network.
allowing auto detection and plug and play of the device onto the network.
–
Cisco Smart Configuration provides a single point of management for a group of switches and
in addition adds the ability to archive and back up configuration files to a file server or switch
allowing seamless zero touch switch replacement.
in addition adds the ability to archive and back up configuration files to a file server or switch
allowing seamless zero touch switch replacement.
–
Cisco Smart Troubleshooting is an extensive array of debug diagnostic commands and system
health checks within the switch, including Generic Online Diagnostics (GOLD) and Onboard
Failure Logging (OBFL).
health checks within the switch, including Generic Online Diagnostics (GOLD) and Onboard
Failure Logging (OBFL).
•
Flexible NetFlow Lite enables monitoring, capturing, and recording of network traffic for further
analysis. Flexible NetFlow Lite support is available on the LAN Base image. On the IP Lite image,
Flexible NetFlow Lite support is available on physical ports configured as either a switch port or a
routed port.
analysis. Flexible NetFlow Lite support is available on the LAN Base image. On the IP Lite image,
Flexible NetFlow Lite support is available on physical ports configured as either a switch port or a
routed port.
•
Cisco Prime Infrastructure is a set of tools that enables you to automate much of the management
of your Cisco network. It is supported with device pack1 (2.1) 4.
of your Cisco network. It is supported with device pack1 (2.1) 4.
Network Security
The Cisco Catalyst 2960-X Series Switches provide a range of security features to limit access to the
network and mitigate threats.
network and mitigate threats.
•
Port security secures the access to an access or trunk port based on MAC address. It limits the
number of learned MAC addresses to deny MAC address flooding.
number of learned MAC addresses to deny MAC address flooding.
•
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers.
•
IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP
snooping database and IP source bindings.
snooping database and IP source bindings.
•
Dynamic ARP inspection (DAI) to prevent malicious attacks on the switch by not relaying invalid
ARP requests and responses to other ports in the same VLAN.
ARP requests and responses to other ports in the same VLAN.
•
Flexible authentication that supports multiple authentication mechanisms including 802.1X, MAC
Authentication Bypass and web authentication using a single, consistent configuration.
Authentication Bypass and web authentication using a single, consistent configuration.
•
Open mode that creates a user friendly environment for 802.1X operations.
•
Comprehensive RADIUS Change of Authorization capability for asynchronous policy management.
•
Unicast Reverse Path Forwarding (RPF) feature helps mitigate problems caused by the introduction
of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that
lack a verifiable IP source address.
of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that
lack a verifiable IP source address.
•
Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged
within VLANs.
within VLANs.
•
Cisco standard and extended IP security router ACLs define security policies on routed interfaces
for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
•
Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch
ports.
ports.
•
Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3.