WS-C3650-48TS-E integrates forty-eight Gigabit Ethernet ports and four fixed 1G SFP uplink ports in IP service feature set that enables advanced layer 3 routing performance with superior QoS capabilities.
Quick Specs
Table 1 shows the Quick Specs.
| Product Code |
WS-C3650-48TS-E |
| Enclosure Type |
Rack-mountable - 1U |
| Feature Set |
IP Service |
| Uplink Interfaces |
4 x 1G SFP |
| Ports |
48 x 10/100/1000 Ethernet ports |
| Maximum stacking number |
9 |
| Stack bandwidth |
160 Gpbs |
| Forwarding Performance |
77.37 Mpps |
| Switching Capacity |
176 Gbps |
| RAM |
4 G |
| Flash Memory |
2G |
| Number of AP per switch/stack |
50 |
| Number of wireless clients per switch/stack |
1000 |
| Dimensions |
44.5 cm x 44.8 cm x 4.4 cm |
Network Management Tools
The Cisco Catalyst 3650 Series Switches offer both a superior CLI for detailed configuration and Cisco Prime™ infrastructure for unified wired plus wireless management. Cisco Prime infrastructure provides day 0 and ongoing provisioning, ongoing monitoring and maintenance, configuration templates, and device and user 360-degree views and serves as the FNF collector for user traffic views using the Cisco Prime Assurance Manager module.
Advanced Security Features
Cisco Catalyst 3650 Series Switches support advanced security features including but not limited to:
● Protection against attackers:
◦ Port security secures the access to an access or trunk port based on MAC address. It limits the number of learned MAC addresses to deny MAC address flooding.
◦ DHCP snooping prevents malicious users from spoofing a DHCP server and sending out bogus addresses. This feature is used by other primary security features to prevent a number of other attacks such as ARP poisoning.
◦ Dynamic ARP inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of ARP.
◦ IP source guard prevents a malicious user from spoofing or taking over another user’s IP address by creating a binding table between the client’s IP and MAC address, port, and VLAN.
◦ The Unicast Reverse Path Forwarding (RPF) feature helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
◦ Bidirectional data support on the SPAN port allows the Cisco intrusion detection system (IDS) to take action when an intruder is detected.
● User authentication:
◦ Flexible authentication that supports multiple authentication mechanisms, including 802.1X, MAC authentication bypass, and web authentication using a single, consistent configuration.
◦ RADIUS change of authorization and downloadable calls for comprehensive policy management capabilities.
◦ Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multiaccess like segment. Private VLAN edge provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic.
◦ Multidomain authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on appropriate voice and data VLAN.
◦ MAC address notification allows administrators to be notified of users added to or removed from the network.
◦ Mobility and security for secure, reliable wireless connectivity and consistent end-user experience. Increased network availability through proactive blocking of known threats.
◦ IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
● ACLs:
◦ Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
◦ Cisco standard and extended IP security router ACLs define security policies on routed interfaces for control-plane and data-plane traffic. IPv6 ACLs can be applied to filter IPv6 traffic.
◦ Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
● Device access:
◦ Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
◦ TACACS+ and RADIUS authentication facilitates centralized control of the switch and restricts unauthorized users from altering the configuration.
◦ Multilevel security on console access prevents unauthorized users from altering the switch configuration.
● Bridge protocol data unit (BPDU) Guard shuts down Spanning Tree PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
● Spanning Tree Root Guard (STRG) prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes.
● Wireless end-to-end security offers CAPWAP-compliant DTLS encryption to make sure of encryption between access points and controllers across remote WAN/LAN links.
Your message must be between 20-3,000 characters!
