Cisco Catalyst 2960 X Series [WS-C2960X-48LPS-L]
10/100/1000 Ethernet ports = 48
Uplink interfaces = 4 SFP
Cisco IOS Software image = LAN Base
Available PoE power = 370W
FlexStack-Plus and FlexStack-Extended capability = Yes
Comprehensive 802.1X features to control access to the network, including Flexible Authentication, 802.1X monitor mode, and RADIUS Change of Authorization.
● IPv6 First-Hop Security enhances Layer 2 and Layer 3 network access for proliferating IPv6 devices, especially BYOD devices. It protects against rogue router advertisements, address spoofing, fake Dynamic Host Configuration Protocol (DHCP) replies, and other risks introduced by IPv6 technology.
● Device sensor and device classifier, enabling seamless versatile device profiles, including BYOD devices. They also enable the Cisco Identity Services Engine (ISE) to provision identity-based security policies. This feature is available on both the 2960-X and 2960-XR Series switches.
● Cisco Trust Anchor Technology, enabling easy distribution of a single universal image for all models of the 2960-X and 2960-XR Series by verifying the authenticity of Cisco IOS Software images. This technology allows the switch to perform Cisco IOS integrity checks at boot-up by verifying the signature, verifying the trusted asset under management, and authenticating the license.
● Cisco Threat Defense features, including Port Security, Dynamic ARP Inspection (DAI), and IP Source Guard.
● Private VLANs that restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multiaccess-like segment. This feature is supported on both 2960-X and 2960-XR Series and is available in both LAN Base and IP Lite feature sets.
◦ Private VLAN Edge to provide security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic.
● Unicast Reverse Path Forwarding (uRPF) to help mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. This feature is available in the IP Lite feature set only.
● Multidomain Authentication to allow an IP phone and a PC to authenticate on the same switch port while being placed on appropriate voice and data VLANs.
● Access Control Lists (ACLs) for IPv6 and IPv4 for security and QoS ACL elements (ACEs).
◦ VLAN ACLs on all VLANs to prevent unauthorized data flows from being bridged within VLANs.
◦ Router ACLs that define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
◦ Port-based ACLs for Layer 2 interfaces to allow security policies to be applied on individual switch ports.
◦ Downloadable ACLs (dACLs) to download ACLs from a RADIUS server during 802.1X authentication.
● SSH, Kerberos, and SNMPv3, providing network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
● SPAN, with bidirectional data support, to allow Cisco Intrusion Detection System (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication to facilitate centralized control of the switch and restrict unauthorized users from altering the configuration.
● MAC address Notification to notify administrators about users added to or removed from the network.
● Multilevel security on console access to prevent unauthorized users from altering the switch configuration.
● BPDU Guard to shut down Spanning-Tree Port Fast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
● Spanning Tree Root Guard (STRG) to prevent edge devices that are not in the network administrator’s control from becoming Spanning Tree Protocol (STP) root nodes.
● Internet Group Management Protocol (IGMP) filtering to provide multicast authentication by filtering out nonsubscribers and to limit the number of concurrent multicast streams available per port.
● Dynamic VLAN assignment through implementation of VLAN Membership Policy Server client capability to provide flexibility in assigning ports to VLANs. Dynamic VLAN facilitates the fast assignment of IP addresses.
● Cisco Identity Services Engine (ISE) support to enable the 2960-XR Series switches to offer security management for all connected devices.
Enhanced QoS The Cisco Catalyst 2960-X
call us for detail :