background image

 

 

Data Sheet 

© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. 

Page 5 of 14 

Security 

The Cisco Catalyst 2960 LAN Lite Switches support security features that can help your business protect important 

information, keep unauthorized people off the network, guard privacy, and maintain uninterrupted operation. 

The Cisco Identity-Based Networking Services (IBNS) solution provides authentication, access control, and security 

policy administration to secure network connectivity and resources. Cisco IBNS in the Cisco Catalyst 2960 LAN Lite 

Series prevents unauthorized access and helps ensure that users get only their designated privileges.  

With Cisco IBNS you can dynamically administer granular levels of network access. Using the 802.1x standard and 

the Cisco Secure Access Control Server (ACS), you can assign users a VLAN upon authentication, regardless of 

where they connect to the network. This setup allows your IT department to enable strong security policies without 

compromising user mobility, and with minimal administrative overhead. 

You can use port security to limit access on an Ethernet port based on the MAC address of the device to which it is 

connected. You also can use it to limit the total number of devices plugged into a switch port, thereby protecting the 

switch from a MAC flooding attack as well as reducing the risks of rogue wireless access points or hubs. 

You can use the MAC Address Notification feature to monitor the network and track users by sending an alert to a 

management station so that your network administrators know when and where users entered the network. Secure 

Shell Protocol Version 2 (SSHv2) and SNMPv3 encrypt administrative and network-management information, 

protecting your network from tampering or eavesdropping.  or RADIUS authentication enables centralized 

access control of switches and restricts unauthorized users from altering the configurations. Alternatively, you can 

configure a local username and password database on the switch itself. Fifteen levels of authorization on the switch 

console and two levels on the web-based management interface allow you to give different levels of configuration 

capabilities to different administrators. 

Key security features include: 

 

IEEE 802.1x allows dynamic, port-based security, providing user authentication. 

 

IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of 

where the user is connected. 

 

IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized 

or unauthorized state of the port. 

 

IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC 

addresses, including those of the client. 

 

IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the 

guest VLAN. 

 

MAC Auth Bypass (MAB) for voice or data devices allows controlled network access without 802.1x 

supplicant to get authenticated using their MAC address. 

 

Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address. 

 

SSHv2 and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP 

sessions. SSHv2 and the cryptographic version of SNMPv3 require a special cryptographic software image 

because of U.S. export restrictions. 

 

 and RADIUS authentication enables centralized control of the switch and restricts unauthorized 

users from altering the configuration. 

 

MAC address notification allows administrators to be notified of users added to or removed from the 

network. 

 

Per-port broadcast, multicast, and unicast storm control and CPU queues prevents faulty end stations 

from degrading overall systems performance and denial of service attacks. 

Summary of Contents for 2960-24-S - Catalyst Switch

Page 1: ...es that are pervasive in the network are critical for secure operations and end to end security is obtained using the Cisco Catalyst 2960 Series Switches with LAN Lite software An array of Cisco security solutions is available including Cisco Clean Access NAC based solutions Overall the functionality available in Cisco Catalyst 2960 Series Switches with LAN Lite software provides peace of mind whe...

Page 2: ... encapsulating years of Cisco networking expertise As devices connect to the switch automatic port configuration is enabled allowing a plug and play of the device onto the network For example an IP phone connecting to the switch will configure the switch port with Cisco best practices for QoS and create a voice VLAN Cisco SmartPort macros offer a set of verified pretested Cisco recommended switch ...

Page 3: ...witches In addition to Cisco Network Assistant Cisco Catalyst 2960 LAN Lite Switches provide for extensive management using SNMP network management platforms such as the CiscoWorks LAN Management Solution LMS CiscoWorks LMS is a suite of powerful management tools that simplify the configuration administration monitoring and troubleshooting of Cisco networks It integrates these capabilities into a ...

Page 4: ... switches that can efficiently deliver high bandwidth applications across the network and optimize network performance saving bandwidth It supports distributed applications and enables next generation multimedia applications including Corporate Communications E learning IP Video Surveillance High Definition Video and distribution of data to desktops in a scalable reliable and efficient manner Cisc...

Page 5: ... TACACS or RADIUS authentication enables centralized access control of switches and restricts unauthorized users from altering the configurations Alternatively you can configure a local username and password database on the switch itself Fifteen levels of authorization on the switch console and two levels on the web based management interface allow you to give different levels of configuration cap...

Page 6: ...econvergence on a per VLAN spanning tree basis without requiring the implementation of spanning tree instances IEEE 802 1d Spanning Tree Protocol support for redundant backbone connections and loop free networks simplifies network configuration and improves fault tolerance IEEE 802 1s Multiple Spanning Tree Protocol MSTP allows a spanning tree instance per VLAN enabling Layer 2 load sharing on red...

Page 7: ...pply The connector is located at the back of the switch These switches do not have a redundant power supply port The internal power supply is an autoranging unit The internal power supply supports input voltages between 100 and 240 VAC Use the supplied AC power cord to connect the AC power connector to an AC power outlet Indicators Per port status Link integrity disabled activity speed and full du...

Page 8: ...o 4 000 m 10 to 85 noncondensing Operating relative humidity 10 to 85 noncondensing Storage relative humidity Environmental Ranges Not more than following in one year period 96 consecutive hours or 360 hours total or 15 occurrences ISO 7779 ISO 9296 Bystander positions operating to an ambient temperature of 25 C Sound pressure LpA Typical 2960 8TC S No Fan 0 dB 2960 24 S 40 dB 2960 24TC S 40 dB 29...

Page 9: ...T S 63W 214 BTU hour Switch Power Consumption PoE Power Total Output BTU 2960 24PC S 433W 357W 1471 BTU hour 2960 24LC S 162W 119W 550 BTU hour Measured 100 Throughput Power Consumption with maximum possible PoE loads 2960 48PST S 460W 339W 1563 BTU hour Switch Power Consumption PoE Power Total Output BTU 2960 24PC S 237W 185W 814 BTU hour 2960 24LC S 98W 62W 835 BTU hour Measured 5 Throughput Pow...

Page 10: ...O STP EXTENSIONS MIB CISCO SYSLOG MIB Cisco UDLDP MIB CISCO TC MIB CISCO TCP MIB CISCO UDLDP MIB CISCO VLAN IFTABLE RELATIONSHIP MIB CISCO VLAN MEMBERSHIP MIB CISCO VTP MIB ENTITY MIB ETHERLIKE MIB IEEE8021 PAE MIB IEEE8023 LAG MIB IF MIB INET ADDRESS MIB OLD CISCO CHASSIS MIB OLD CISCO FLASH MIB OLD CISCO INTERFACES MIB OLD CISCO IP MIB OLD CISCO SYS MIB OLD CISCO TCP MIB OLD CISCO TS MIB RFC1213...

Page 11: ...pecial terms applicable to your hardware warranty Your formal Warranty Statement including the warranty applicable to Cisco software appears in the Cisco Information Packet that accompanies your Cisco product Duration of Hardware Warranty As long as the original End User continues to own or use the Product provided that fan and power supply warranty is limited to five 5 years In the event of disco...

Page 12: ...on and deployment Installation text and cutover Training Major moves adds and changes Design review and product staging Access to software updates 24 hours Web access to technical repositories Telephone support through the Cisco Technical Assistance Center TAC Advance Replacement of hardware parts Supplements existing staff Helps ensure that functions meet needs Mitigates risk Helps enable proacti...

Page 13: ...ver module for MMF and SMF 1300 nm wavelength GLC SX MM 1000BASE SX SFP transceiver module for MMF 850 nm wavelength GLC T 1000BASE T SFP transceiver module for Category 5 copper wire GLC GE 100FX 100BASE FX SFP module for Gigabit Ethernet ports 1310 nm wavelength 2 km over MMF GLC FE 100FX 100BASE FX SFP module for 100 Mb ports 1310 nm wavelength 2 km over MMF CAB SM LCSC 1M 1m fiber single mode ...

Page 14: ...P BPDU Filtering Multilevel Console Security TACACS Port Security Trunk Port Security Security Port Security for Voice VLANs 802 1p Priority Packet Based Storm Control Egress Shaped Queues Priority Queue Global QoS enable QoS Shaped Round Robin SRR Ingress egress Shared Queues Storm Control Quality of Service Ingress Egress Strict Priority Queuing Weighted Tail Drop WTD Configurable IGMP Leave Tim...

Reviews: