| Capacidad de conmutación 56 gbps |
| Tabla de direcciones mac 16000 direcciones |
| Jumbo frame hasta 9k bytes. la mtu predeterminada es 2k bytes frame sizes up to 9k bytes. the default mtu is 2k bytes |
| Puertos totales del sistema 28 gigabit ethernet |
| Puertos rj-45 24 gigabit ethernet |
| Puertos combo (rj-45 + sfp) 4 sfp |
| Energía dedicada a poe 195w |
| Numero de puestos que soportan poe 24 |
| Dimensiones 445 x 299 x 44 mm (17.5 x 11.76 x 1.73 pulgadas) |
| Peso 3.53 kg (7.78 lb) |
| Layer 2 switching |
| Spanning tree protocol standard 802.1d spanning tree support |
| fast convergence using 802.1w (rapid spanning tree [rstp]), enabled by default |
| multiple spanning tree instances using 802.1s (mstp); 8 instances are supported |
| per-vlan spanning tree plus (pvst+) and rapid pvst+ (rpvst+); 126 instances are supported |
| Port grouping/link aggregation support for ieee 802.3ad link aggregation control protocol (lacp) |
| and #9679; up to 8 groups |
| and #9679; up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation |
| Vlan support for up to 4,094 vlans simultaneously |
| port-based and 802.1q tag-based vlans; mac-based vlan; protocol-based vlan; ip subnet-based vlan |
| management vlan |
| private vlan with promiscuous, isolated, and community port |
| private vlan edge (pve), also known as protected ports, with multiple uplinks |
| guest vlan, unauthenticated vlan |
| dynamic vlan assignment via radius server along with 802.1x client authentication |
| cpe vlan |
| Voice vlan voice traffic is automatically assigned to a voice-specific vlan and treated with appropriate levels of qos. auto voice capabilities deliver network wide zero-touch deployment of voice endpoints and call control devices |
| Multicast tv vlan multicast tv vlan allows the single multicast vlan to be shared in the network while subscribers remain in separate vlans. this feature is also known as multicast vlan registration (mvr) |
| Vlan translation support for vlan one-to-one mapping. in vlan one-to-one mapping, on an edge interface customer vlans (c-vlans) are mapped to service provider vlans (s-vlans) and the original c-vlan tags are replaced by the specified s-vlan |
| Q-in-q vlans transparently cross a service provider network while isolating traffic among customers |
| Selective q-in-q selective q-in-q is an enhancement to the basic q-in-q feature and provides, per edge interface, multiple mappings of different c-vlans to separate s-vlans |
| selective q-in-q also allows configuring of ethertype (tag protocol identifier [tpid]) of the s-vlan tag |
| layer 2 protocol tunneling over q-in-q is also supported |
| Generic vlan registration protocol (gvrp)/generic attribute registration protocol (garp) generic vlan registration protocol (gvrp) and generic attribute registration protocol (garp) enable automatic propagation and configuration of vlans in a bridged domain |
| Unidirectional link detection (udld) udld monitors physical connection to detect unidirectional links caused by incorrect wiring or cable/port faults to prevent forwarding loops and black holing of traffic in switched networks |
| Dynamic host configuration protocol (dhcp) relay at layer 2 relay of dhcp traffic to dhcp server in different vlan; works with dhcp option 82 |
| Internet group management protocol (igmp) versions 1, 2, and 3 snooping igmp limits bandwidth-intensive multicast traffic to only the requesters; supports 2k multicast groups (source-specific multicasting is also supported) |
| Igmp querier igmp querier is used to support a layer 2 multicast domain of snooping switches in the absence of a multicast router |
| Head-of-line (hol) blocking hol blocking prevention |
| Loopback detection loopback detection provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. it operates independently of stp |
| Layer 3 |
| Ipv4 routing wirespeed routing of ipv4 packets |
| up to 990 static routes and up to 128 ip interfaces |
| Ipv6 routing wirespeed routing of ipv6 packets |
| Layer 3 interface configuration of layer 3 interface on physical port, link aggregation (lag), vlan interface, or loopback interface |
| Classless interdomain routing (cidr) support for classless interdomain routing |
| Policy-based routing (pbr) flexible routing control to direct packets to different next hop based on ipv4 or ipv6 access control list (acl) |
| Dhcp server switch functions as an ipv4 dhcp server serving ip addresses for multiple dhcp pools/scopes |
| support for dhcp options |
| Dhcp relay at layer 3 relay of dhcp traffic across ip domains |
| User datagram protocol (udp) relay relay of broadcast information across layer 3 domains for application discovery or relaying of bootstrap protocol (bootp)/dhcp packets |
| Stacking |
| Hardware stack up to 4 units in a stack. up to 192 ports managed as a single system with hardware failover |
| High availability fast stack failover delivers minimal traffic loss. support link aggregation across multiple units in a stack |
| Plug-and-play stacking configuration/management master/backup for resilient stack control |
| autonumbering |
| hot swap of units in stack |
| ring and chain stacking options, auto stacking port speed, flexible stacking port options |
| High-speed stack interconnects cost-effective high-speed 10g fiber interfaces. |
| Security |
| Secure shell (ssh) protocol ssh is a secure replacement for telnet traffic. secure copy protocol (scp) also uses ssh. ssh v1 and v2 are supported |
| Secure sockets layer (ssl) ssl support: encrypts all https traffic, allowing highly secure access to the browser-based management gui in the switch |
| Ieee 802.1x (authenticator role) 802.1x: remote authentication dial-in user service (radius) authentication and accounting, md5 hash; guest vlan; unauthenticated vlan, single/multiple host mode and single/multiple sessions |
| supports time-based 802.1x; dynamic vlan assignment |
| Web-based authentication web-based authentication provides network admission control through web browser to any host devices and operating systems |
| Stp bridge protocol data unit (bpdu) guard a security mechanism to protect the network from invalid configurations. a port enabled for bpdu guard is shut down if a bpdu message is received on that port. this avoids accidental topology loops |
| Stp root guard this prevents edge devices not in the network administrators control from becoming spanning tree protocol root nodes |
| Stp loopback guard provides additional protection against layer 2 forwarding loops (stp loops) |
| Dhcp snooping filters out dhcp messages with unregistered ip addresses and/or from unexpected or untrusted interfaces. this prevents rogue devices from behaving as dhcp servers. |
| Ip source guard (ipsg) when ip source guard is enabled at a port, the switch filters out ip packets received from the port if the source ip addresses of the packets have not been statically configured or dynamically learned from dhcp snooping. this prevents ip address spoofing. |
| Dynamic arp inspection (dai) the switch discards arp packets from a port if there are no static or dynamic ip/mac bindings or if there is a discrepancy between the source or destination addresses in the arp packet. this prevents man-in-the-middle attacks. |
| Ip/mac/port binding (ipmb) the preceding features (dhcp snooping, ip source guard, and dynamic arp inspection) work together to prevent dos attacks in the network, thereby increasing network availability |
| Secure core technology (sct) makes sure that the switch will receive and process management and protocol traffic no matter how much traffic is received |
| Secure sensitive data (ssd) a mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices, and secure autoconfig. access to view the sensitive data as plaintext or encrypted is provided according to the user-configured access level and the access method of the user. |
| Trustworthy systems trustworthy systems provide a highly secure foundation for cisco products |
| run-time defenses (executable space protection [x-space], address space layout randomization [aslr], built-in object size checking [bosc]) |
| Private vlan private vlan provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users traffic; supports multiple uplinks |
| Layer 2 isolation private vlan edge (pve) with community vlan pve (also known as protected ports) provides layer 2 isolation between devices in the same vlan, supports multiple uplinks |
| Port security ability to lock source mac addresses to ports and limits the number of learned mac addresses |
| Radius/tacacs+ supports radius and tacacs authentication. switch functions as a client |
| Radius accounting the radius accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session |
| Storm control broadcast, multicast, and unknown unicast |
| Dos prevention denial-of-service (dos) attack prevention |
| Multiple user privilege levels in cli level 1, 7, and 15 privilege levels |
| Acls support for up to 1,024 rules |
| drop or rate limit based on source and destination mac, vlan id, ipv4 or ipv6 address, ipv6 flow label, protocol, port, differentiated services code point (dscp)/ip precedence, transmission control protocol/user datagram protocol (tcp/udp) source and destination ports, 802.1p priority, ethernet type, internet control message protocol (icmp) packets, igmp packets, tcp flag; acl can be applied on both ingress and egress sides |
| time-based acls supported |
| Quality of service |
| Priority levels 8 hardware queues |
Valoraciones
No hay valoraciones aún.