Product Description
Performance | ||||||||||||||
Switching capacity and forwarding rate All switches are wire speed and nonblocking | Product name | Capacity in Mpps (64-byte packets) | Switching capacity (Gbps) | |||||||||||
SG350X-8PMD | 29.76 | 80 | ||||||||||||
SG350X-12PMV | 148.80 | 200 | ||||||||||||
SG350X-24 | 95.23 | 128 | ||||||||||||
SG350X-24P | 95.23 | 128 | ||||||||||||
SG350X-24MP | 95.23 | 128 | ||||||||||||
SG350X-24PD | 104.16 | 140 | ||||||||||||
SG350X-24PV | 142.85 | 192 | ||||||||||||
SG350X-48 | 130.94 | 176 | ||||||||||||
SG350X-48P | 130.94 | 176 | ||||||||||||
SG350X-48MP | 130.94 | 176 | ||||||||||||
SG350X-48PV | 178.56 | 240 | ||||||||||||
SG350XG-2F10 | 178.56 | 240 | ||||||||||||
SG350XG-24F | 357.12 | 480 | ||||||||||||
SG350XG-24T | 357.12 | 480 | ||||||||||||
SG350XG-48T | 714.24 | 960 | ||||||||||||
SX350X-08 | 119.05 | 160 | ||||||||||||
SX350X-12 | 178.56 | 240 | ||||||||||||
SX350X-24F | 357.12 | 480 | ||||||||||||
SX350X-24 | 357.12 | 480 | ||||||||||||
SX350X-52 | 755.81 | 1040 | ||||||||||||
Layer 2 switching | ||||||||||||||
Spanning Tree Protocol | Standard 802.1d spanning tree support Fast convergence using 802.1w (Rapid Spanning Tree Protocol [RSTP]), enabled by default Multiple spanning tree instances using 802.1s (MSTP); 8 instances are supported Per-VLAN Spanning Tree Plus (PVST+); 126 instances are supported Rapid PVST+ (RPVST+); 126 instances are supported | |||||||||||||
Port grouping and link aggregation | Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP) ● Up to 8 groups ● Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad LAG | |||||||||||||
VLAN | Support for up to 4094 active VLANs simultaneously; port-based and 802.1Q tag-based VLANs; MAC-based VLAN Management VLAN Private VLAN with promiscuous, isolated, and community port Guest VLAN, unauthenticated VLAN, protocol-based VLAN, IP subnet-based VLAN, CPE VLAN Dynamic VLAN assignment using RADIUS server along with 802.1X client authentication | |||||||||||||
Voice VLAN | Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS. Auto voice capabilities deliver networkwide zero-touch deployment of voice endpoints and call control devices | |||||||||||||
Multicast TV VLAN | Multicast TV VLAN allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs. This feature is also known as Multicast VLAN Registration (MVR) | |||||||||||||
VLAN translation | Support for VLAN One-to-One Mapping. In VLAN One-to-One Mapping, on an edge interface, Customer VLANs (C-VLANs) are mapped to service provider VLANs (S-VLANs) and the original C-VLAN tags are replaced by the specified S-VLAN | |||||||||||||
Q-in-Q | VLANs transparently cross over a service provider network while isolating traffic among customers | |||||||||||||
Selective Q-in-Q | Selective Q-in-Q is an enhancement to the basic Q-in-Q feature and provides, per edge interface, multiple mappings of different C-VLANs to separate S-VLANs Selective Q-in-Q also allows configuration of the EtherType (TPID) of the S-VLAN tag Layer 2 protocol tunneling over Q-in-Q is also supported | |||||||||||||
GVRP/GARP | Generic VLAN Registration Protocol (GVRP) and Generic Attribute Registration Protocol (GARP) enable automatic propagation and configuration of VLANs in a bridged domain | |||||||||||||
UDLD | Unidirectional Link Detection (UDLD) monitors physical connections to detect unidirectional links caused by incorrect wiring or port faults to prevent forwarding loops and blackholing of traffic in switched networks | |||||||||||||
DHCP relay at Layer 2 | Relay of DHCP traffic to a DHCP server in a different VLAN. Works with DHCP option 82 | |||||||||||||
IGMP (versions 1, 2, and 3) snooping | Internet Group Management Protocol (IGMP) limits bandwidth-intensive multicast traffic to only the requesters; it supports 4000 multicast groups (source-specific multicasting is also supported) | |||||||||||||
IGMP querier | Used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router | |||||||||||||
HOL blocking | Head-Of-Line (HOL) blocking | |||||||||||||
Layer 3 | ||||||||||||||
IPv4 routing | Wirespeed routing of IPv4 packets Up to 990 static routes and up to 128 IP interfaces | |||||||||||||
Wirespeed IPv6 static routing | Up to 245 static routes and up to 106 IPv6 interfaces | |||||||||||||
Layer 3 interface | Configuration of Layer 3 interface on physical port, LAG, VLAN interface, or loopback interface | |||||||||||||
CIDR | Support for Classless Interdomain Routing (CIDR) | |||||||||||||
DHCP server | Switch functions as an IPv4 DHCP server serving IP addresses for multiple DHCP pools and scopes Support for DHCP options | |||||||||||||
DHCP relay at Layer 3 | Relay of DHCP traffic across IP domains | |||||||||||||
User Datagram Protocol (UDP) relay | Relay of broadcast information across Layer 3 domains for application discovery or relaying of BOOTP/DHCP packets | |||||||||||||
Stacking | ||||||||||||||
Hardware stack | Up to four units in a stack. Up to 208 ports managed as a single system with hardware failover | |||||||||||||
High availability | Fast stack failover delivers minimal traffic loss. Supports link aggregation across multiple units in a stack | |||||||||||||
Plug-and-play stacking configuration and management | Master and backup for resilient stack control Auto-numbering Hot swap of units in stack Ring and chain stacking options, auto-stacking port speed, flexible stacking port options | |||||||||||||
High-speed stack interconnects | Cost-effective high-speed 10G fiber and copper interfaces. Support LAG as stacking interconnects for even higher bandwidth | |||||||||||||
Hybrid stack | A mix of SG350X, SG350XG, and SX350X switches in the same stack (Gigabit and 10 Gigabit Ethernet) | |||||||||||||
Security | ||||||||||||||
SSH | Secure Shell (SSH) is a secure replacement for Telnet traffic. Secure Copy (SCP) also uses SSH. SSH versions 1 and 2 are supported | |||||||||||||
SSL | Secure Sockets Layer (SSL) encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI in the switch | |||||||||||||
IEEE 802.1X (authenticator role) | RADIUS authentication and accounting, MD5 hash, guest VLAN, unauthenticated VLAN, single- and multiple-host mode, and single and multiple sessions Supports time-based 802.1X dynamic VLAN assignment | |||||||||||||
IEEE 802.1X supplicant | A switch can be configured to act as a supplicant to another switch. This enables extended secure access in areas outside the wiring closet (such as conference rooms) | |||||||||||||
Web-based authentication | Web-based authentication provides Network Admission Control (NAC) through a web browser to any host devices and operating systems | |||||||||||||
STP BPDU Guard | A security mechanism to protect the networks from invalid configurations. A port enabled for Bridge Protocol Data Unit (BPDU) Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops | |||||||||||||
STP Root Guard | Prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes | |||||||||||||
DHCP snooping | Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as DHCP servers | |||||||||||||
IP Source Guard (IPSG) | When IPSG is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP address spoofing | |||||||||||||
Dynamic ARP Inspection (DAI) | The switch discards ARP packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination address in the ARP packet. This prevents man-in-the-middle attacks | |||||||||||||
IP/MAC/Port Binding (IPMB) | The preceding features (DHCP snooping, IPSG, and DAI) work together to prevent DoS attacks in the network, thereby increasing network availability | |||||||||||||
Secure Core Technology (SCT) | Makes sure that the switch will receive and process management and protocol traffic no matter how much traffic is received | |||||||||||||
Secure Sensitive Data (SSD) | A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices and secure auto-configuration. Access to view the sensitive data as plain text or encrypted is provided according to the user-configured access level and the access method of the user | |||||||||||||
Trustworthy systems | Trustworthy systems provide a highly secure foundation for Cisco products Run-time defenses (Executable Space Protection [X-Space], Address Space Layout Randomization [ASLR], Built-In Object Size Checking [BOSC]) Image signing and Secure Boot on select models (SG350X-12PMV, SG350X-24PV, SG350X-48PV, and all SX350X models) | |||||||||||||
Private VLAN | Provides security and isolation between switch ports, which helps ensure that users cannot snoop on other users’ traffic; supports multiple uplinks | |||||||||||||
Port security | Provides the ability to lock source MAC addresses to ports and limit the number of learned MAC addresses | |||||||||||||
RADIUS and TACACS+ | Supports RADIUS and TACACS authentication. Switch functions as a client | |||||||||||||
RADIUS accounting | The RADIUS accounting functions allow data to be sent at the start and end of services, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session | |||||||||||||
Storm control | Broadcast, multicast, and unknown unicast | |||||||||||||
DoS prevention | Denial-of-Service (DoS) attack prevention |