Like Prussian soldiers, Cisco Systems Inc. continued its march to advance its Intelligent Information Network vision for embedding advanced services into the network with a range of new software and hardware enhancements for the Catalyst line of modular and stackable switches.
The enhancements, launched Thursday at the CeBIT exhibition in Hannover, Germany, span the Catalyst 6500, Catalyst 4500 and Catalyst 3750 network switches, bringing new security, manageability and performance to the network core, data center and wiring closets.
New software-based security enhancements, applicable across all Catalyst switches, add features such as the ability to lock down ports to prevent MAC address flooding attacks, block attacks coming from false DHCP servers, and restrict network access through port-level access control lists. Cisco also extended the authentication capabilities in standard IEEE 802.1x to assign authenticated traffic to a specific virtual LAN or add QOS (quality of service) features, as well as to prevent denial-of-service attacks by dynamically inspecting Address Resolution Protocol traffic and binding appropriate MAC and IP addresses to specific ports.
"We're looking at how to make the physical network provide a layer of defense. With [distributed denial-of-service attacks], spoofing and other attacks bogging the network down, you need pervasive security within the switch to mitigate such attacks," said Steven Shalita, senior manager for worldwide product marketing at Cisco in Hannover.
Cisco also sought to reduce the complexity of configuring more advanced services such as QOS for voice over IP through new macro templates that package a series of command-line interface configuration commands into a more digestible whole. The templates can still be customized, but the intent is to "make it simpler to implement these features," said Shalita. "You can download from a Web site everything you need for voice QOS," he added.
Shalita acknowledged that such complexity has held back adoption of those advanced features. "For large organizations it provides a great way to consistently deploy the same configuration across a large-scale network, and SMB environments that don't have big staffs can [more easily exploit the advanced features]," he said.