The company said it will add software features for switches in its Catalyst 3550 Series and 2950 Series that let administrators secure their network management traffic, control access to company resources and require user names and passwords from employees logging on to the network.
The moves are part of an overall Cisco strategy to provide security throughout the network, using both dedicated security appliances and security capabilities that are built into other equipment. The security functions now offered for the desktop switches, which are the boxes where end users connect to the local area network (LAN), are part of a blueprint for security that reaches from the edge of the LAN into the service-provider network.
On some switches Cisco will add SSH (Secure Shell) and SNMP (Simple Network Management Protocol) Version 3 technology for encrypting network management traffic. Port-based ACLs (Access Control Lists) that run at wire speed, without degrading performance, will keep users away from restricted resources. In addition, Cisco is extending the IEEE 802.1x standard for user authentication to Catalyst 2950 Series switches with Standard Software Image.
Cisco will also add DHCP (Dynamic Host Configuration Protocol) Interface Tracker to the 3550 Series. This provides an easier mechanism for tracking down a DHCP user who may be connecting from an unauthorised location.
"Although you may have been able to do something similar before, it actually makes it doable from an administrator's standpoint," said Ishmael Limkakeng, product line manager for Cisco's desktop switching business unit.
Cisco has also enhanced its Cisco Secure URT (User Registration Tool) software, allowing users to sign on to the network securely with a Web browser, and added support for LDAP (Lightweight Directory Access Protocol) authentication. URT can also work with RADIUS (Remote Authentication Dial-In User Service) authentication on the Cisco Secure Access Control Server. Available previously on the 3550 Series switches, URT has been added to the 2950 line.
In addition to introducing the new security software, Cisco has unveiled the Catalyst 3550-24-FX-SMI, which is equipped with 24 100Base-FX ports that carry Fast Ethernet traffic via multimode fibre instead of copper. Snoopers cannot tap fibre in the same way as copper, and some service providers need the longer reach provided by fibre, Limkakeng said. The switch is also equipped with two slots for fibre or copper Gigabit Ethernet interfaces.