
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
IEEE 802.1s Multiple Spanning Tree standard can be deployed in conjunction with 802.1w to improve the scalability
of the STP by grouping VLANs into spanning tree instances, as well as to provide backward compatibility to devices
running the 802.1D STP.
In addition, service providers can enable Bridge Protocol Data Unit (BPDU) guard and Spanning Tree Root Guard
(STRG) to enhance the reliability of their networks. BPDU guard allows the service provider to shut down STP
PortFast-enabled interfaces to avoid receiving BPDUs from their customers’ networks. STRG prevents customer
devices outside of the service provider’s network from becoming STP root nodes.
The Cisco Catalyst 2950 Series enables the service provider to construct a highly redundant network. PVST+ allows
the service provider to implement Layer 2 load-sharing on redundant links, efficiently utilizing the extra capacity
inherent in a redundant design. Service providers can also utilize Cisco EtherChannel® technology to aggregate up
to 4 Gbps through Gigabit EtherChannel technology and up to 1.6 Gbps through Fast EtherChannel technology. The
Cisco EtherChannel technology enhances fault tolerance and offers higher-speed aggregated bandwidth between
switches and to routers.
In addition to resiliency and network redundancy advantages, the Cisco Catalyst 2950 Series enables metro network
scalability at the access edge through its support of Cisco CWDM GBIC Solution. This solution allows service
providers to scale their bandwidth without deploying additional fiber. The service provider can scale up to eight
gigabits of bandwidth on a pair of single-mode fibers at distances up to 120 km. With the support for Cisco CWDM
GBICs on the Cisco Catalyst 2950 Series, service providers can aggregate multiple Cisco Catalyst 2950 Series
switches to easily upgrade network bandwidth with existing fiber infrastructure.
Metro network scalability is also enhanced by the Cisco Catalyst 2950 Series support of 4096 VLAN IDs and 256
active VLANs per switch.
Service Security Through Cisco Access Control Parameters and Enhanced Security Features
The Cisco Catalyst 2950 Series offers enhanced data security through the use of access control parameters (ACPs).
By denying packets based on source and destination MAC addresses, IP addresses, or TCP/UDP ports, users can be
restricted from sensitive portions of the network. Also, because all ACP lookups are done in hardware, forwarding
performance is not compromised when implementing ACP-based security in the network.
Service providers can also implement higher levels of data security by supporting private VLAN edge. This feature
provides security and isolation between ports on a switch, ensuring that traffic travels directly from its entry point
to the aggregation device through a virtual path and cannot be directed to a different port. Local Proxy Address
Resolution Protocol (ARP) works in conjunction with private VLAN edge to minimize broadcasts and maximize
available bandwidth.
With the Cisco Catalyst 2950 Series, service providers can implement high levels of console security. Multilevel access
security on the switch console and the Web-based management interface prevents unauthorized users from accessing
or altering switch configuration. Terminal Access Controller Access Control System (TACACS+) authentication
enables centralized access control of the switch and restricts unauthorized users from altering the configuration.
Service providers are also able to enhance their network security by adding 802.1x port-based authentication for
authenticating individual customers, and port security with MAC address aging for limiting the concurrent MAC
addresses allowed per port.
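As an added illustration (not Cisco's code and not part of this datasheet), the Python script below audits a switch running-config for the per-port controls named in this section and in the spanning-tree paragraph earlier: BPDU guard, root guard, private VLAN edge, and port security with MAC address aging. The sample configuration is constructed, and the command strings are generic Cisco IOS syntax assumed here rather than quoted from the page.

```python
import re

# Constructed sample config; generic Cisco IOS syntax is assumed, verify per release.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport protected
 switchport port-security
 switchport port-security aging time 10
 spanning-tree bpduguard enable
 spanning-tree guard root
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
interface GigabitEthernet0/1
 switchport mode trunk
"""

# Control name -> regex that some sub-command of the port must fully match.
REQUIRED = {
    "bpdu-guard": r"spanning-tree bpduguard enable",
    "root-guard": r"spanning-tree guard root",
    "private-vlan-edge": r"switchport protected",
    "port-security": r"switchport port-security",
    "mac-aging": r"switchport port-security aging time \d+",
}

def parse_interfaces(config):
    """Return {interface: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit(config):
    """Map each non-trunk port to the sorted list of controls it is missing."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        missing = sorted(c for c, pat in REQUIRED.items()
                         if not any(re.fullmatch(pat, cmd) for cmd in cmds))
        # Trunk uplinks are out of scope for this customer-port check.
        if missing and "switchport mode trunk" not in cmds:
            findings[name] = missing
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only `FastEthernet0/2`, which has port security enabled but lacks the other four controls.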