Switch Cisco CBS350-8T-E-2G
Switch Cisco CBS350-8T-E-2G
KHUYẾN MÃI
Miễn phí hướng dẫn sử dụng và cài đặt từ xa cho khách hàng ở xa.
Miễn phí giao hàng, cài đặt và hướng dẫn sử dụng khu vực HCM.
Chính sách bán hàng
Switch Cisco CBS350-8T-E-2G-EU cung cấp sự kết hợp lý tưởng giữa khả năng chi trả và khả năng cho văn phòng nhỏ, đồng thời giúp bạn tạo ra lực lượng lao động hiệu quả hơn, được kết nối tốt hơn.Thiết bị chuyển mạch CBS350-8T-E-2G-EU là dòng thiết bị chuyển mạch Ethernet được quản lý cấu hình cố định. Tuy nhiên, không giống như các giải pháp chuyển mạch doanh nghiệp nhỏ khác chỉ cung cấp các khả năng mạng được quản lý trong các mô hình đắt tiền nhất, CBS350-8T-E-2G-EU còn hỗ trợ khả năng quản lý bảo mật nâng cao và các tính năng mạng mà bạn cần để hỗ trợ dữ liệu cấp doanh nghiệp, thoại, bảo mật và công nghệ không dây .
Đồng thời, Cisco CBS350-8T-E-2G-EU rất dễ triển khai và cấu hình, cho phép bạn tận dụng các dịch vụ mạng được quản lý mà doanh nghiệp của bạn cần.
Model | CBS350-8T-E-2G-EU |
Performance | |
Capacity in Millions of Packets per Second (mpps) (64-byte packets) | 14.88mpps |
Switching Capacity | 20.0Gbps |
General | |
Jumbo frames | Frame sizes up to 9K bytes. The default MTU is 2K bytes |
MAC table | 16K addresses |
Buttons | Reset button |
Cabling type | Unshielded Twisted Pair (UTP) Category 5e or better for 1000BASE-T |
LEDs | System, Link/Act, PoE, Speed |
Flash | 256 MB |
CPU | 800MHz ARM |
DRAM | 512 MB |
Packet buffer | 1.5 MB |
Ports | |
Total System Ports | 10 x Gigabit Ethernet |
RJ-45 Ports | 8 x Gigabit Ethernet |
Combo Ports (RJ45 + Small form-factor pluggable [SFP]) | 2 x Gigabit Ethernet combo |
Console port | Cisco standard mini USB Type-B/RJ45 console port |
USB slot | USB Type-A slot on the front panel of the switch for easy file and image management |
Discovery | |
Bonjour | The switch advertises itself using the Bonjour protocol |
Link Layer Discovery Protocol (LLDP) (802.1ab) with LLDP‑MED extensions | LLDP allows the switch to advertise its identification, configuration, and capabilities to neighboring devices that store the data in a MIB. LLDP-MED is an enhancement to LLDP that adds the extensions needed for IP phones |
Cisco Discovery Protocol | The switch advertises itself using the Cisco Discovery Protocol. It also learns the connected device and its characteristics via Cisco Discovery Protocol |
Power consumption (worst case) | |
System Power Consumption | 110V=12.55W 220V=12.56W |
Heat Dissipation (BTU/hr) | 42.86 |
Environmental | |
Unit dimensions (W x D x H) | 268 x 185 x 44 mm |
Unit weight | 1.39 kg |
Power | 100-240V 50-60 Hz, external |
Certification | UL (UL 60950), CSA (CSA 22.2), CE mark, FCC Part 15 (CFR 47) Class A |
Operating temperature | -5° to 50°C |
Storage temperature | -25° to 70°C |
Operating humidity | 10% to 90%, relative, noncondensing |
Storage humidity | 10% to 90%, relative, noncondensing |
Acoustic noise and Mean Time Between Failure (MTBF) | |
FAN (Number) | Fanless |
MTBF at 25°C (hours) | 2,171,669 |
Layer 2 Switching | |
Spanning Tree Protocol | Standard 802.1d Spanning Tree support Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]), enabled by default Multiple Spanning Tree instances using 802.1s (MSTP); 8 instances are supported Per-VLAN Spanning Tree Plus (PVST+) and Rapid PVST+ (RPVST+); 126 instances are supported |
Port grouping/link aggregation | Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP) - Up to 8 groups - Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation |
VLAN | Support for up to 4,094 VLANs simultaneously Port-based and 802.1Q tag-based VLANs; MAC-based VLAN; protocol-based VLAN; IP subnet-based VLAN Management VLAN Private VLAN with promiscuous, isolated, and community port Private VLAN Edge (PVE), also known as protected ports, with multiple uplinks Guest VLAN, unauthenticated VLAN Dynamic VLAN assignment via RADIUS server along with 802.1x client authentication CPE VLAN |
Voice VLAN | Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS. Auto voice capabilities deliver network wide zero-touch deployment of voice endpoints and call control devices |
Multicast TV VLAN | Multicast TV VLAN allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs. This feature is also known as Multicast VLAN Registration (MVR) |
VLAN Translation | Support for VLAN One-to-One Mapping. In VLAN One-to-One Mapping, on an edge interface customer VLANs (C-VLANs) are mapped to service provider VLANs (S-VLANs) and the original C-VLAN tags are replaced by the specified S-VLAN |
Q-in-Q | VLANs transparently cross a service provider network while isolating traffic among customers |
Selective Q-in-Q | Selective Q-in-Q is an enhancement to the basic Q-in-Q feature and provides, per edge interface, multiple mappings of different C-VLANs to separate S-VLANs Selective Q-in-Q also allows configuring of Ethertype (Tag Protocol Identifier [TPID]) of the S-VLAN tag Layer 2 protocol tunneling over Q-in-Q is also supported |
Generic VLAN Registration Protocol (GVRP)/Generic Attribute Registration Protocol (GARP) | Generic VLAN Registration Protocol (GVRP) and Generic Attribute Registration Protocol (GARP) enable automatic propagation and configuration of VLANs in a bridged domain |
Unidirectional Link Detection (UDLD) | UDLD monitors physical connection to detect unidirectional links caused by incorrect wiring or cable/port faults to prevent forwarding loops and black holing of traffic in switched networks |
Dynamic Host Configuration Protocol (DHCP) Relay at Layer 2 | Relay of DHCP traffic to DHCP server in different VLAN; works with DHCP Option 82 |
Internet Group Management Protocol (IGMP) versions 1, 2, and 3 snooping | IGMP limits bandwidth-intensive multicast traffic to only the requesters; supports 2K multicast groups (source-specific multicasting is also supported) |
IGMP Querier | IGMP querier is used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router |
Head-of-Line (HOL) blocking | HOL blocking prevention |
Loopback Detection | Loopback detection provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. It operates independently of STP |
Layer 3 | |
IPv4 routing | Wirespeed routing of IPv4 packets Up to 990 static routes and up to 128 IP interfaces |
IPv6 routing | Wirespeed routing of IPv6 packets |
Layer 3 Interface | Configuration of Layer 3 interface on physical port, Link Aggregation (LAG), VLAN interface, or loopback interface |
Classless Interdomain Routing (CIDR) | Support for classless interdomain routing |
RIP v2 | Support for Routing Information Protocol version 2 for dynamic routing |
Policy-Based Routing (PBR) | Flexible routing control to direct packets to different next hop based on IPv4 or IPv6 Access Control List (ACL) |
DHCP Server | Switch functions as an IPv4 DHCP server serving IP addresses for multiple DHCP pools/scopes Support for DHCP options |
DHCP relay at Layer 3 | Relay of DHCP traffic across IP domains |
User Datagram Protocol (UDP) relay | Relay of broadcast information across Layer 3 domains for application discovery or relaying of Bootstrap Protocol (BOOTP)/DHCP packets |
Security | |
Secure Shell (SSH) Protocol | SSH is a secure replacement for Telnet traffic. Secure Copy Protocol (SCP) also uses SSH. SSH v1 and v2 are supported |
Secure Sockets Layer (SSL) | SSL support: Encrypts all HTTPS traffic, allowing highly secure access to the browser-based management GUI in the switch |
IEEE 802.1X (Authenticator role) | 802.1X: Remote Authentication Dial-In User Service (RADIUS) authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN, single/multiple host mode and single/multiple sessions Supports time-based 802.1X; dynamic VLAN assignment |
Web-based authentication | Web-based authentication provides network admission control through web browser to any host devices and operating systems |
STP Bridge Protocol Data Unit (BPDU) Guard | A security mechanism to protect the network from invalid configurations. A port enabled for BPDU Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops |
STP Root Guard | This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes |
STP loopback guard | Provides additional protection against Layer 2 forwarding loops (STP loops) |
DHCP snooping | Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as DHCP Servers. |
IP Source Guard (IPSG) | When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP address spoofing |
Dynamic ARP Inspection (DAI) | The switch discards ARP packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination addresses in the ARP packet. This prevents man-in-the-middle attacks |
IP/MAC/Port Binding (IPMB) | The preceding features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) work together to prevent DOS attacks in the network, thereby increasing network availability |
Secure Core Technology (SCT) | Makes sure that the switch will receive and process management and protocol traffic no matter how much traffic is received |
Secure Sensitive Data (SSD) | A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plaintext or encrypted is provided according to the user-configured access level and the access method of the user |
Trustworthy systems | Trustworthy systems provide a highly secure foundation for Cisco products Run-time defenses (Executable Space Protection [X-Space], Address Space Layout Randomization [ASLR], Built-In Object Size Checking [BOSC]) |
Private VLAN | Private VLAN provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic; supports multiple uplinks |
Layer 2 isolation Private VLAN Edge (PVE) with community VLAN | PVE (also known as protected ports) provides Layer 2 isolation between devices in the same VLAN, supports multiple uplinks |
Port security | Ability to lock source MAC addresses to ports and limits the number of learned MAC addresses |
RADIUS/TACACS+ | Supports RADIUS and TACACS authentication. Switch functions as a client |
RADIUS accounting | The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session |
Storm control | Broadcast, multicast, and unknown unicast |
DoS prevention | Denial-of-Service (DOS) attack prevention |
Multiple user privilege levels in CLI | Level 1, 7, and 15 privilege levels |
ACLs | Support for up to 1,024 rules Drop or rate limit based on source and destination MAC, VLAN ID, IPv4 or IPv6 address, IPv6 flow label, protocol, port, Differentiated Services Code Point (DSCP)/IP precedence, Transmission Control Protocol/User Datagram Protocol (TCP/UDP) source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, TCP flag; ACL can be applied on both ingress and egress sides Time-based ACLs supported |
Quality of Service | |
Priority levels | 8 hardware queues |
Scheduling | Strict priority and Weighted Round-Robin (WRR) |
Class of service | Port based; 802.1p VLAN priority-based; IPv4/v6 IP precedence/Type of Service (ToS)/DSCP-based; Differentiated Services (DiffServ); classification and remarking ACLs, trusted QoS Queue assignment based on DSCP and class of service (802.1p/CoS) |
Rate limiting | Ingress policer; egress shaping and rate control; per VLAN, per port, and flow based; 2R3C policing |
Congestion avoidance | A TCP congestion avoidance algorithm is required to minimize and prevent global TCP loss synchronization |
iSCSI traffic optimization | A mechanism for giving priority to iSCSI traffic over other types of traffic |
Standards | |
Standards | IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad Link Aggregation Control Protocol, IEEE 802.3z Gigabit Ethernet, IEEE 802.3ae 10 Gbit/s Ethernet over fiber for LAN, IEEE 802.3an 10GBase-T 10 Gbit/s Ethernet over copper twisted pair cable, IEEE 802.3x Flow Control, IEEE 802.1D (STP, GARP, and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w Rapid STP, IEEE 802.1s Multiple STP, IEEE 802.1X Port Access Authentication, IEEE 802.3af, IEEE 802.3at, IEEE 802.1AB Link Layer Discovery Protocol, IEEE 802.3az Energy Efficient Ethernet, RFC 768, RFC 783, RFC 791, RFC 792, RFC 793, RFC 813, RFC 826, RFC 879, RFC 896, RFC 854, RFC 855, RFC 856, RFC 858, RFC 894, RFC 919, RFC 920, RFC 922, RFC 950, RFC 951, RFC 1042, RFC 1071, RFC 1123, RFC 1141, RFC 1155, RFC 1157, RFC 1213, RFC 1215, RFC 1286, RFC 1350, RFC 1442, RFC 1451, RFC 1493, RFC 1533, RFC 1541, RFC 1542, RFC 1573, RFC 1624, RFC 1643, RFC 1700, RFC 1757, RFC 1867, RFC 1907, RFC 2011, RFC 2012, RFC 2013, RFC 2030, RFC 2131, RFC 2132, RFC 2233, RFC 2576, RFC 2616, RFC 2618, RFC 2665, RFC 2666, RFC 2674, RFC 2737, RFC 2819, RFC 2863, RFC 3164, RFC 3176, RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415, RFC 3416, RFC 4330 |
IPv6 | |
IPv6 | IPv6 host mode; IPv6 over Ethernet; Dual IPv6/IPv4 stack IPv6 neighbor and router discovery (ND); IPv6 stateless address autoconfiguration; Path Maximum Transmission Unit (MTU) discovery Duplicate Address Detection (DAD); ICMP version 6 DHCPv6 stateful client IPv6 over IPv4 network with Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnel support USGv6 and IPv6 Gold Logo certified |
IPv6 QoS | Prioritize IPv6 packets in hardware |
IPv6 ACL | Drop or rate limit IPv6 packets in hardware |
IPv6 First Hop Security | RA guard ND inspection DHCPv6 guard Neighbor binding table (snooping and static entries) Neighbor binding integrity check |
Multicast Listener Discovery (MLD v1/2) snooping | Deliver IPv6 multicast packets only to the required receivers |
IPv6 applications | Web/SSL, Telnet server/SSH, ping, traceroute, Simple Network Time Protocol (SNTP), Trivial File Transfer Protocol (TFTP), SNMP, RADIUS, syslog, Domain Name System (DNS) client, Telnet Client, DHCP Client, DHCP Autoconfig, IPv6 DHCP Relay, Terminal Access Controller Access Control System Plus (TACACS+) |
IPv6 RFCs supported | RFC 4443 (which obsoletes RFC2463): ICMP version 6 RFC 4291 (which obsoletes RFC 3513): IPv6 address architecture RFC 4291: IPv6 addressing architecture RFC 2460: IPv6 specification RFC 4861 (which obsoletes RFC 2461): neighbor discovery for IPv6 RFC 4862 (which obsoletes RFC 2462): IPv6 stateless address autoconfiguration RFC 1981: path MTU discovery RFC 4007: IPv6 scoped address architecture RFC 3484: default address selection mechanism RFC 5214 (which obsoletes RFC 4214): ISATAP tunneling RFC 4293: MIB IPv6: textual conventions and general group RFC 3595: textual conventions for IPv6 flow label |
Management | |
Cisco Business Dashboard | Support for embedded probe for Cisco Business Dashboard running on the switch. Eliminates the need to set up a separate hardware or virtual machine for the Cisco Business Dashboard Probe on site |
Cisco Business mobile app | Mobile app for Cisco Business Switch and Wireless products. Helps to set up a local network in minutes and provide easy management at your fingertips |
Cisco Network Plug and Play (PnP) agent | The Cisco Network Plug and Play solution provides a simple, secure, unified, and integrated offering to ease new branch or campus device rollouts or for provisioning updates to an existing network. The solution provides a unified approach to provision Cisco routers, switches, and wireless devices with a near-zero-touch deployment experience Supports Cisco PnP Connect |
Web user interface | Built-in switch configuration utility for easy browser-based device configuration (HTTP/HTTPS). Supports simple and advanced mode, configuration, wizards, customizable dashboard, system maintenance, monitoring, online help, and universal search |
SNMP | SNMP versions 1, 2c, and 3 with support for traps, and SNMP version 3 User-based Security Model (USM) |
Remote Monitoring (RMON) | Embedded RMON software agent supports 4 RMON groups (history, statistics, alarms, and events) for enhanced traffic management, monitoring, and analysis |
IPv4 and IPv6 dual stack | Coexistence of both protocol stacks to ease migration |
Firmware upgrade | Web browser upgrade (HTTP/HTTPS) and TFTP and upgrade over SCP running over SSH Dual images for resilient firmware upgrades |
Port mirroring | Traffic on a port can be mirrored to another port for analysis with a network analyzer or RMON probe. Up to 8 source ports can be mirrored to one destination port |
VLAN mirroring | Traffic from a VLAN can be mirrored to a port for analysis with a network analyzer or RMON probe. Up to 8 source VLANs can be mirrored to one destination port |
DHCP (options 12, 66, 67, 82, 129, and 150) | DHCP options facilitate tighter control from a central point (DHCP server) to obtain IP address, autoconfiguration (with configuration file download), DHCP relay, and hostname |
Secure Copy (SCP) | Securely transfer files to and from the switch |
Autoconfiguration with Secure Copy (SCP) file download | Enables secure mass deployment with protection of sensitive data |
Text-editable config files | Config files can be edited with a text editor and downloaded to another switch, facilitating easier mass deployment |
Smartports |
Model | CBS350-8T-E-2G-EU |
Performance | |
Capacity in Millions of Packets per Second (mpps) (64-byte packets) | 14.88mpps |
Switching Capacity | 20.0Gbps |
General | |
Jumbo frames | Frame sizes up to 9K bytes. The default MTU is 2K bytes |
MAC table | 16K addresses |
Buttons | Reset button |
Cabling type | Unshielded Twisted Pair (UTP) Category 5e or better for 1000BASE-T |
LEDs | System, Link/Act, PoE, Speed |
Flash | 256 MB |
CPU | 800MHz ARM |
DRAM | 512 MB |
Packet buffer | 1.5 MB |
Ports | |
Total System Ports | 10 x Gigabit Ethernet |
RJ-45 Ports | 8 x Gigabit Ethernet |
Combo Ports (RJ45 + Small form-factor pluggable [SFP]) | 2 x Gigabit Ethernet combo |
Console port | Cisco standard mini USB Type-B/RJ45 console port |
USB slot | USB Type-A slot on the front panel of the switch for easy file and image management |
Discovery | |
Bonjour | The switch advertises itself using the Bonjour protocol |
Link Layer Discovery Protocol (LLDP) (802.1ab) with LLDP‑MED extensions | LLDP allows the switch to advertise its identification, configuration, and capabilities to neighboring devices that store the data in a MIB. LLDP-MED is an enhancement to LLDP that adds the extensions needed for IP phones |
Cisco Discovery Protocol | The switch advertises itself using the Cisco Discovery Protocol. It also learns the connected device and its characteristics via Cisco Discovery Protocol |
Power consumption (worst case) | |
System Power Consumption | 110V=12.55W 220V=12.56W |
Heat Dissipation (BTU/hr) | 42.86 |
Environmental | |
Unit dimensions (W x D x H) | 268 x 185 x 44 mm |
Unit weight | 1.39 kg |
Power | 100-240V 50-60 Hz, external |
Certification | UL (UL 60950), CSA (CSA 22.2), CE mark, FCC Part 15 (CFR 47) Class A |
Operating temperature | -5° to 50°C |
Storage temperature | -25° to 70°C |
Operating humidity | 10% to 90%, relative, noncondensing |
Storage humidity | 10% to 90%, relative, noncondensing |
Acoustic noise and Mean Time Between Failure (MTBF) | |
FAN (Number) | Fanless |
MTBF at 25°C (hours) | 2,171,669 |
Layer 2 Switching | |
Spanning Tree Protocol | Standard 802.1d Spanning Tree support Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]), enabled by default Multiple Spanning Tree instances using 802.1s (MSTP); 8 instances are supported Per-VLAN Spanning Tree Plus (PVST+) and Rapid PVST+ (RPVST+); 126 instances are supported |
Port grouping/link aggregation | Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP) - Up to 8 groups - Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation |
VLAN | Support for up to 4,094 VLANs simultaneously Port-based and 802.1Q tag-based VLANs; MAC-based VLAN; protocol-based VLAN; IP subnet-based VLAN Management VLAN Private VLAN with promiscuous, isolated, and community port Private VLAN Edge (PVE), also known as protected ports, with multiple uplinks Guest VLAN, unauthenticated VLAN Dynamic VLAN assignment via RADIUS server along with 802.1x client authentication CPE VLAN |
Voice VLAN | Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS. Auto voice capabilities deliver network wide zero-touch deployment of voice endpoints and call control devices |
Multicast TV VLAN | Multicast TV VLAN allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs. This feature is also known as Multicast VLAN Registration (MVR) |
VLAN Translation | Support for VLAN One-to-One Mapping. In VLAN One-to-One Mapping, on an edge interface customer VLANs (C-VLANs) are mapped to service provider VLANs (S-VLANs) and the original C-VLAN tags are replaced by the specified S-VLAN |
Q-in-Q | VLANs transparently cross a service provider network while isolating traffic among customers |
Selective Q-in-Q | Selective Q-in-Q is an enhancement to the basic Q-in-Q feature and provides, per edge interface, multiple mappings of different C-VLANs to separate S-VLANs Selective Q-in-Q also allows configuring of Ethertype (Tag Protocol Identifier [TPID]) of the S-VLAN tag Layer 2 protocol tunneling over Q-in-Q is also supported |
Generic VLAN Registration Protocol (GVRP)/Generic Attribute Registration Protocol (GARP) | Generic VLAN Registration Protocol (GVRP) and Generic Attribute Registration Protocol (GARP) enable automatic propagation and configuration of VLANs in a bridged domain |
Unidirectional Link Detection (UDLD) | UDLD monitors physical connection to detect unidirectional links caused by incorrect wiring or cable/port faults to prevent forwarding loops and black holing of traffic in switched networks |
Dynamic Host Configuration Protocol (DHCP) Relay at Layer 2 | Relay of DHCP traffic to DHCP server in different VLAN; works with DHCP Option 82 |
Internet Group Management Protocol (IGMP) versions 1, 2, and 3 snooping | IGMP limits bandwidth-intensive multicast traffic to only the requesters; supports 2K multicast groups (source-specific multicasting is also supported) |
IGMP Querier | IGMP querier is used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router |
Head-of-Line (HOL) blocking | HOL blocking prevention |
Loopback Detection | Loopback detection provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. It operates independently of STP |
Layer 3 | |
IPv4 routing | Wirespeed routing of IPv4 packets Up to 990 static routes and up to 128 IP interfaces |
IPv6 routing | Wirespeed routing of IPv6 packets |
Layer 3 Interface | Configuration of Layer 3 interface on physical port, Link Aggregation (LAG), VLAN interface, or loopback interface |
Classless Interdomain Routing (CIDR) | Support for classless interdomain routing |
RIP v2 | Support for Routing Information Protocol version 2 for dynamic routing |
Policy-Based Routing (PBR) | Flexible routing control to direct packets to different next hop based on IPv4 or IPv6 Access Control List (ACL) |
DHCP Server | Switch functions as an IPv4 DHCP server serving IP addresses for multiple DHCP pools/scopes Support for DHCP options |
DHCP relay at Layer 3 | Relay of DHCP traffic across IP domains |
User Datagram Protocol (UDP) relay | Relay of broadcast information across Layer 3 domains for application discovery or relaying of Bootstrap Protocol (BOOTP)/DHCP packets |
Security | |
Secure Shell (SSH) Protocol | SSH is a secure replacement for Telnet traffic. Secure Copy Protocol (SCP) also uses SSH. SSH v1 and v2 are supported |
Secure Sockets Layer (SSL) | SSL support: Encrypts all HTTPS traffic, allowing highly secure access to the browser-based management GUI in the switch |
IEEE 802.1X (Authenticator role) | 802.1X: Remote Authentication Dial-In User Service (RADIUS) authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN, single/multiple host mode and single/multiple sessions Supports time-based 802.1X; dynamic VLAN assignment |
Web-based authentication | Web-based authentication provides network admission control through web browser to any host devices and operating systems |
STP Bridge Protocol Data Unit (BPDU) Guard | A security mechanism to protect the network from invalid configurations. A port enabled for BPDU Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops |
STP Root Guard | This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes |
STP loopback guard | Provides additional protection against Layer 2 forwarding loops (STP loops) |
DHCP snooping | Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as DHCP Servers. |
IP Source Guard (IPSG) | When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP address spoofing |
Dynamic ARP Inspection (DAI) | The switch discards ARP packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination addresses in the ARP packet. This prevents man-in-the-middle attacks |
IP/MAC/Port Binding (IPMB) | The preceding features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) work together to prevent DOS attacks in the network, thereby increasing network availability |
Secure Core Technology (SCT) | Makes sure that the switch will receive and process management and protocol traffic no matter how much traffic is received |
Secure Sensitive Data (SSD) | A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices, and secure autoconfig. Access to view the sensitive data as plaintext or encrypted is provided according to the user-configured access level and the access method of the user |
Trustworthy systems | Trustworthy systems provide a highly secure foundation for Cisco products Run-time defenses (Executable Space Protection [X-Space], Address Space Layout Randomization [ASLR], Built-In Object Size Checking [BOSC]) |
Private VLAN | Private VLAN provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic; supports multiple uplinks |
Layer 2 isolation Private VLAN Edge (PVE) with community VLAN | PVE (also known as protected ports) provides Layer 2 isolation between devices in the same VLAN, supports multiple uplinks |
Port security | Ability to lock source MAC addresses to ports and limits the number of learned MAC addresses |
RADIUS/TACACS+ | Supports RADIUS and TACACS authentication. Switch functions as a client |
RADIUS accounting | The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session |
Storm control | Broadcast, multicast, and unknown unicast |
DoS prevention | Denial-of-Service (DOS) attack prevention |
Multiple user privilege levels in CLI | Level 1, 7, and 15 privilege levels |
ACLs | Support for up to 1,024 rules Drop or rate limit based on source and destination MAC, VLAN ID, IPv4 or IPv6 address, IPv6 flow label, protocol, port, Differentiated Services Code Point (DSCP)/IP precedence, Transmission Control Protocol/User Datagram Protocol (TCP/UDP) source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, TCP flag; ACL can be applied on both ingress and egress sides Time-based ACLs supported |
Quality of Service | |
Priority levels | 8 hardware queues |
Scheduling | Strict priority and Weighted Round-Robin (WRR) |
Class of service | Port based; 802.1p VLAN priority-based; IPv4/v6 IP precedence/Type of Service (ToS)/DSCP-based; Differentiated Services (DiffServ); classification and remarking ACLs, trusted QoS Queue assignment based on DSCP and class of service (802.1p/CoS) |
Rate limiting | Ingress policer; egress shaping and rate control; per VLAN, per port, and flow based; 2R3C policing |
Congestion avoidance | A TCP congestion avoidance algorithm is required to minimize and prevent global TCP loss synchronization |
iSCSI traffic optimization | A mechanism for giving priority to iSCSI traffic over other types of traffic |
Standards | |
Standards | IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3ad Link Aggregation Control Protocol, IEEE 802.3z Gigabit Ethernet, IEEE 802.3ae 10 Gbit/s Ethernet over fiber for LAN, IEEE 802.3an 10GBase-T 10 Gbit/s Ethernet over copper twisted pair cable, IEEE 802.3x Flow Control, IEEE 802.1D (STP, GARP, and GVRP), IEEE 802.1Q/p VLAN, IEEE 802.1w Rapid STP, IEEE 802.1s Multiple STP, IEEE 802.1X Port Access Authentication, IEEE 802.3af, IEEE 802.3at, IEEE 802.1AB Link Layer Discovery Protocol, IEEE 802.3az Energy Efficient Ethernet, RFC 768, RFC 783, RFC 791, RFC 792, RFC 793, RFC 813, RFC 826, RFC 879, RFC 896, RFC 854, RFC 855, RFC 856, RFC 858, RFC 894, RFC 919, RFC 920, RFC 922, RFC 950, RFC 951, RFC 1042, RFC 1071, RFC 1123, RFC 1141, RFC 1155, RFC 1157, RFC 1213, RFC 1215, RFC 1286, RFC 1350, RFC 1442, RFC 1451, RFC 1493, RFC 1533, RFC 1541, RFC 1542, RFC 1573, RFC 1624, RFC 1643, RFC 1700, RFC 1757, RFC 1867, RFC 1907, RFC 2011, RFC 2012, RFC 2013, RFC 2030, RFC 2131, RFC 2132, RFC 2233, RFC 2576, RFC 2616, RFC 2618, RFC 2665, RFC 2666, RFC 2674, RFC 2737, RFC 2819, RFC 2863, RFC 3164, RFC 3176, RFC 3411, RFC 3412, RFC 3413, RFC 3414, RFC 3415, RFC 3416, RFC 4330 |
IPv6 | |
IPv6 | IPv6 host mode; IPv6 over Ethernet; Dual IPv6/IPv4 stack IPv6 neighbor and router discovery (ND); IPv6 stateless address autoconfiguration; Path Maximum Transmission Unit (MTU) discovery Duplicate Address Detection (DAD); ICMP version 6 DHCPv6 stateful client IPv6 over IPv4 network with Intrasite Automatic Tunnel Addressing Protocol (ISATAP) tunnel support USGv6 and IPv6 Gold Logo certified |
IPv6 QoS | Prioritize IPv6 packets in hardware |
IPv6 ACL | Drop or rate limit IPv6 packets in hardware |
IPv6 First Hop Security | RA guard ND inspection DHCPv6 guard Neighbor binding table (snooping and static entries) Neighbor binding integrity check |
Multicast Listener Discovery (MLD v1/2) snooping | Deliver IPv6 multicast packets only to the required receivers |
IPv6 applications | Web/SSL, Telnet server/SSH, ping, traceroute, Simple Network Time Protocol (SNTP), Trivial File Transfer Protocol (TFTP), SNMP, RADIUS, syslog, Domain Name System (DNS) client, Telnet Client, DHCP Client, DHCP Autoconfig, IPv6 DHCP Relay, Terminal Access Controller Access Control System Plus (TACACS+) |
IPv6 RFCs supported | RFC 4443 (which obsoletes RFC2463): ICMP version 6 RFC 4291 (which obsoletes RFC 3513): IPv6 address architecture RFC 4291: IPv6 addressing architecture RFC 2460: IPv6 specification RFC 4861 (which obsoletes RFC 2461): neighbor discovery for IPv6 RFC 4862 (which obsoletes RFC 2462): IPv6 stateless address autoconfiguration RFC 1981: path MTU discovery RFC 4007: IPv6 scoped address architecture RFC 3484: default address selection mechanism RFC 5214 (which obsoletes RFC 4214): ISATAP tunneling RFC 4293: MIB IPv6: textual conventions and general group RFC 3595: textual conventions for IPv6 flow label |
Management | |
Cisco Business Dashboard | Support for embedded probe for Cisco Business Dashboard running on the switch. Eliminates the need to set up a separate hardware or virtual machine for the Cisco Business Dashboard Probe on site |
Cisco Business mobile app | Mobile app for Cisco Business Switch and Wireless products. Helps to set up a local network in minutes and provide easy management at your fingertips |
Cisco Network Plug and Play (PnP) agent | The Cisco Network Plug and Play solution provides a simple, secure, unified, and integrated offering to ease new branch or campus device rollouts or for provisioning updates to an existing network. The solution provides a unified approach to provision Cisco routers, switches, and wireless devices with a near-zero-touch deployment experience Supports Cisco PnP Connect |
Web user interface | Built-in switch configuration utility for easy browser-based device configuration (HTTP/HTTPS). Supports simple and advanced mode, configuration, wizards, customizable dashboard, system maintenance, monitoring, online help, and universal search |
SNMP | SNMP versions 1, 2c, and 3 with support for traps, and SNMP version 3 User-based Security Model (USM) |
Remote Monitoring (RMON) | Embedded RMON software agent supports 4 RMON groups (history, statistics, alarms, and events) for enhanced traffic management, monitoring, and analysis |
IPv4 and IPv6 dual stack | Coexistence of both protocol stacks to ease migration |
Firmware upgrade | Web browser upgrade (HTTP/HTTPS) and TFTP and upgrade over SCP running over SSH Dual images for resilient firmware upgrades |
Port mirroring | Traffic on a port can be mirrored to another port for analysis with a network analyzer or RMON probe. Up to 8 source ports can be mirrored to one destination port |
VLAN mirroring | Traffic from a VLAN can be mirrored to a port for analysis with a network analyzer or RMON probe. Up to 8 source VLANs can be mirrored to one destination port |
DHCP (options 12, 66, 67, 82, 129, and 150) | DHCP options facilitate tighter control from a central point (DHCP server) to obtain IP address, autoconfiguration (with configuration file download), DHCP relay, and hostname |
Secure Copy (SCP) | Securely transfer files to and from the switch |
Autoconfiguration with Secure Copy (SCP) file download | Enables secure mass deployment with protection of sensitive data |
Text-editable config files | Config files can be edited with a text editor and downloaded to another switch, facilitating easier mass deployment |
Smartports | Simplified configuration of QoS and security capabilities |
Auto Smartports | Applies the intelligence delivered through the Smartport roles and applies it automatically to the port based on the devices discovered over Cisco Discovery Protocol or LLDP-MED. This facilitates zero-touch deployments |
Textview CLI | Scriptable command-line interface. A full CLI as well as a menu-based CLI is supported. User privilege levels 1, 7, and 15 are supported for the CLI |
Localization | Localization of GUI and documentation into multiple languages |