Specifications
From The Manufacturer
Cisco CBS350-48P-4G Switch Specifications:
Feature | Description |
Capacity in Millions of Packets per Second (mpps) (64-byte packets) | 77.38 |
Switching Capacity in Gigabits per Second (Gbps) | 104.0 |
Spanning Tree Protocol | Standard 802.1d Spanning Tree support Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]), enabled by default Multiple Spanning Tree instances using 802.1s (MSTP); 8 instances are supported Per-VLAN Spanning Tree Plus (PVST+) and Rapid PVST+ (RPVST+); 126 instances are supported |
Port grouping/link aggregation | Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP) Up to 8 groups Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation |
VLAN | Support for up to 4,094 VLANs simultaneously Port-based and 802.1Q tag-based VLANs; MAC-based VLAN; protocol-based VLAN; IP subnet-based VLAN Management VLAN Private VLAN with promiscuous, isolated, and community port Private VLAN Edge (PVE), also known as protected ports, with multiple uplinks Guest VLAN, unauthenticated VLAN Dynamic VLAN assignment via RADIUS server along with 802.1x client authentication CPE VLAN Voice VLAN Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS. Voice Services Discovery Protocol (VSDP) delivers network-wide zero-touch deployment of voice endpoints and call control devices Multicast TV VLAN Multicast TV VLAN allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs. This feature is also known as Multicast VLAN Registration (MVR) VLAN Translation Support for VLAN One-to-One Mapping. In VLAN One-to-One Mapping, on an edge interface customer VLANs (C-VLANs) are mapped to service provider VLANs (S-VLANs) and the original C-VLAN tags are replaced by the specified S-VLAN Q-in-Q VLANs transparently cross a service provider network while isolating traffic among customers Selective Q-in-Q Selective Q-in-Q is an enhancement to the basic Q-in-Q feature and provides, per edge interface, multiple mappings of different C-VLANs to separate S-VLANs Selective Q-in-Q also allows configuring of Ethertype (Tag Protocol Identifier [TPID]) of the S-VLAN tag Layer 2 protocol tunneling over Q-in-Q is also supported Generic VLAN Registration Protocol (GVRP)/Generic Attribute Registration Protocol (GARP) Generic VLAN Registration Protocol (GVRP) and Generic Attribute Registration Protocol (GARP) enable automatic propagation and configuration of VLANs in a bridged domain |
Unidirectional Link Detection (UDLD) | UDLD monitors physical connection to detect unidirectional links caused by incorrect wiring or cable/port faults to prevent forwarding loops and blackholing of traffic in switched networks |
Dynamic Host Configuration Protocol (DHCP) Relay at Layer 2 | Relay of DHCP traffic to DHCP server in different VLAN; works with DHCP Option 82 |
Internet Group Management Protocol (IGMP) versions 1, 2, and 3 snooping | IGMP limits bandwidth-intensive multicast traffic to only the requesters; supports 2K multicast groups (source-specific multicasting is also supported) |
IGMP Querier | IGMP querier is used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router |
IGMP proxy | The IGMP proxy provides a mechanism for multicast forwarding based on IGMP membership information without the need for more complicated multicast routing protocols. |
Head-of-Line (HOL) blocking | HOL blocking prevention |
Loopback Detection | Loopback detection protects loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. It operates independently of STP |
Layer 3 | IPv4 routing Wirespeed routing of IPv4 packets Up to 990 static routes and up to 128 IP interfaces IPv6 routing Wirespeed routing of IPv6 packets Layer 3 Interface Configuration of Layer 3 interface on physical port, Link Aggregation (LAG), VLAN interface, or loopback interface Classless Interdomain Routing (CIDR) Support for classless interdomain routing RIP v2 Support for Routing Information Protocol version 2 for dynamic routing Policy-Based Routing (PBR) Flexible routing control to direct packets to different next hop based on IPv4 or IPv6 Access Control List (ACL) DHCP Server Switch functions as an IPv4 DHCP server serving IP addresses for multiple DHCP pools/scopes Support for DHCP options DHCP relay at Layer 3 Relay of DHCP traffic across IP domains User Datagram Protocol (UDP) relay Relay of broadcast information across Layer 3 domains for application discovery or relaying of Bootstrap Protocol (BOOTP)/DHCP packets |
Stacking | Hardware stacking Up to 4 units in a stack. Up to 200 ports managed as a single system with hardware failover Stacking is supported on the following models: CBS350-24T-4X, CBS350-24P-4X, CBS350-24FP-4X, CBS350-48T-4X, CBS350-48P-4X, CBS350-48FP-4X CBS350-8MP-2X, CBS350-24MGP-4X, CBS350-12NP-4X, CBS350-24NGP-4X, CBS350-48NGP-4X CBS350-8XT, CBS350-12XS, CBS350-12XT, CBS350-16XTS, CBS350-24XS, CBS350-24XT, CBS350-24XTS, CBS350-48XT-4X High availability Fast stack failover delivers minimal traffic loss. Support link aggregation across multiple units in a stack Plug-and-play stacking configuration/management Active/standby for resilient stack control Autonumbering Hot swap of units in stack Ring and chain stacking options, auto stacking port speed, flexible stacking port options High-speed stack interconnects Cost-effective high-speed 10G fiber interfaces. |
Security | Secure Shell (SSH) Protocol SSH is a secure replacement for Telnet traffic. Secure Copy Protocol (SCP) also uses SSH. SSH v1 and v2 are supported Secure Sockets Layer (SSL) SSL support: Encrypts all HTTPS traffic, allowing highly secure access to the browser-based management GUI in the switch IEEE 802.1X (Authenticator role) 802.1X: Remote Authentication Dial-In User Service (RADIUS) authentication and accounting, MD5 hash; guest VLAN; unauthenticated VLAN, single/multiple host mode and single/multiple sessions Supports time-based 802.1X; dynamic VLAN assignment; MAC authentication IEEE 802.1X supplicant A switch can be configured to act as a supplicant to another switch. This enables extended secure access in areas outside the wiring closet (such as conference rooms) Web-based authentication Web-based authentication provides network admission control through web browser to any host devices and operating systems STP Bridge Protocol Data Unit (BPDU) Guard A security mechanism to protect the network from invalid configurations. A port enabled for BPDU Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops STP Root Guard This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes STP loopback guard Provides additional protection against Layer 2 forwarding loops (STP loops) DHCP snooping Filters out DHCP messages with unregistered IP addresses and/or from unexpected or untrusted interfaces. This prevents rogue devices from behaving as DHCP Servers. IP Source Guard (IPSG) When IP Source Guard is enabled at a port, the switch filters out IP packets received from the port if the source IP addresses of the packets have not been statically configured or dynamically learned from DHCP snooping. This prevents IP address spoofing. Dynamic ARP Inspection (DAI) The switch discards ARP packets from a port if there are no static or dynamic IP/MAC bindings or if there is a discrepancy between the source or destination addresses in the ARP packet. This prevents man-in-the-middle attacks. IP/MAC/Port Binding (IPMB) The preceding features (DHCP Snooping, IP Source Guard, and Dynamic ARP Inspection) work together to prevent DOS attacks in the network, thereby increasing network availability Secure Core Technology (SCT) Makes sure that the switch will receive and process management and protocol traffic no matter how much traffic is received Secure Sensitive Data (SSD) A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices, and secure auto config. Access to view the sensitive data as plaintext or encrypted is provided according to the user-configured access level and the access method of the user. Trustworthy systems Trustworthy systems provide a highly secure foundation for Cisco products Run-time defenses (Executable Space Protection [X-Space], Address Space Layout Randomization [ASLR]) Image signing, integrity verification, and Secure Boot Prohibits unsigned images from booting, unauthorized software from running, and sensitive data from being accessed even in the event of a compromise. All devices covered by this datasheet have the hardware support for trustworthy systems and will be supported by a software update later in the calendar year Port security Ability to lock Source MAC addresses to ports, and limit the number of learned MAC addresses RADIUS/TACACS+ Supports RADIUS and TACACS authentication. Switch functions as a client Storm control Broadcast, multicast, and unknown unicast DoS attack prevention DoS attack prevention maximizes network uptime in the presence of an attack Private VLAN Edge (PVE) PVE (also known as protected ports) provides Layer 2 isolation between devices on the same VLAN. This isolation extends to multiple uplinks Port-based ACLs (PBACLs) Support for up to 1k rules MAC-based ACLs (MACLs) Support for up to 1k rules IPv4-based ACLs (IPv4ACLs) Support for up to 1k rules IPv6-based ACLs (IPv6ACLs) Support for up to 1k rules ACLs on VLAN interfaces Ingress ACLs Support for up to 1k ingress rules and up to 256 egress rules Support for both class maps and policy maps ACLs ACL Logging ACLs can be applied on both the ingress and egress interfaces to restrict access to sensitive network resources by denying packets based on source and destination MAC addresses, IP addresses, TCP/UDP ports, or VLANs. ACLs are hardware supported, so switching performance is not compromised. Quality of Service (QoS) ACLs Support for up to 512 rules Time-based ACLs supported Dynamic ACL assignment through RADIUS is supported IPv6 First Hop Security First Hop Security for IPv6 (IPv6 FHS) in the switch is a set of features intended to protect IPv6 networks from Layer 2 attacks and optimize IPv6 neighbor discovery: IPv6 snooping, DHCPv6 guard, IPv6 RA guard, IPv6 binding integrity guard, IPv6 ND inspection, IPv6 Source Guard, and IPv6 Destination Guard Critical Voice VLAN Authentication Enables secure deployment of IP phones and users. Supports authentication of a voice device in the voice VLAN, as well as a PC or other device connected to the phone’s downstream port. SSHv2 Secure management sessions over a secure SSH connection System event logging Provides event logging via local flash and syslog servers. Multiple messages are sent based on severity level. Login Banner Configured login banners for web as well as CLIs Smart Network Application (SNA) Login Secure Single Sign-On (SSO) enables login to SNA with higher security without repeated requests for user credentials Smartport Event Logging Intelligent logging based on predefined Smartport macros FindIT Network Probe (FNP) and FindIT Network Manager (FNM) Encrypted communications between switches in FindIT mode and FindIT Network Probe/FindIT Network Manager Flexible mounting options: Supports desktop, wall, and rack-mount options LED Indicators System, link, speed, and PoE if equipped Optical port LEDs: link/activity/duplex Fan Tray: Individual Fan Tray Indicators (FAN, PS, PSU, and temperature indicators) |
Availability and reliability | Link Aggregation (LAG) Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP) Up to 8 groups Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad link aggregation Unidirectional Link Detection (UDLD) UDLD monitors physical connection to detect unidirectional links caused by incorrect wiring or cable/port faults to prevent forwarding loops and black holing of traffic in switched networks Flex Links Layer 2 interface pairs can be configured to act as backup to each other with bidirectional failover. Flex Links are typically configured in service provider or enterprise access networks where customers require a link failover to be independent of STP. Link State Tracking Provides Layer 2 failover between links for servers or dual-homed servers connected to the switch |
Traffic management | Ingress policer Ingress policer limits incoming traffic and can be applied based on port, class of service (CoS), and VLAN Shaping and rate limiting Per-port and per-queue output shaping and rate limiting with minimum granularity of 64 kbps Congestion avoidance mechanisms including weighted random early detection (WRED) |
Time-based ACLs and QoS | ACLs and QoS policies can be applied to a certain time of day and date |
Loopback Detection | Loopback detection protects loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. It operates independently of STP |
SNMP | SNMP versions 1, 2c, and 3 with support for traps Remote monitoring (RMON) for enhanced traffic management, monitoring, and analysis Up to 4 RMON groups (history, statistics, alarms, and events) are supported SNMP traps deliver information on alert events that occur on the switch |
Standards | IEEE 802.3 10BASE-T Ethernet, IEEE 802.3u 100BASE-TX Fast Ethernet, IEEE 802.3ab 1000BASE-T Gigabit Ethernet, IEEE 802.3z 1000BASE-X, IEEE 802.3ae 10GBASE-X, IEEE 802.3an 10GBASE-T, IEEE 802.3az Energy-Efficient Ethernet (EEE), IEEE 802.3ad LACP, IEEE 802.3af Power over Ethernet (PoE), IEEE 802.3at PoE Plus, IEEE 802.1p QoS, IEEE 802.1q VLAN Tagging, IEEE 802.1d Spanning Tree Protocol, IEEE 802.1w Rapid Spanning Tree Protocol (RSTP), IEEE 802.1s Multiple Spanning Tree Protocol (MSTP), IEEE 802.1x Port Access Authentication, IEEE 802.3x Flow Control, RFC 768 UDP, RFC 783 TFTP, RFC 791 IP, RFC 792 ICMP, RFC 793 TCP, RFC 826 ARP, RFC 854 Telnet, RFC 951 BOOTP, RFC 1321 MD5, RFC 1492 TACACS+, RFC 1541/1542 DHCP (client and relay), RFC 2131 DHCP, RFC 2138 RADIUS, RFC 2236 IGMP, RFC 3376 IGMP v3, RFC 3414/3415 SNMP, RFC 3579 802.1X with RADIUS, RFC 3580 802.1X RADIUS |
Layer 2 switching | Spanning Tree Protocol Standard 802.1d Spanning Tree support Fast convergence using 802.1w (Rapid Spanning Tree [RSTP]), enabled by default Multiple Spanning Tree instances using 802.1s (MSTP); 8 instances are supported Per-VLAN Spanning Tree Plus (PVST+) and Rapid PVST+ (RPVST+); 126 instances are supported Bridge Protocol Data Unit (BPDU) Guard A security mechanism to protect the network from invalid configurations. A port enabled for BPDU Guard is shut down if a BPDU message is received on that port. This avoids accidental topology loops Root Guard This prevents edge devices not in the network administrator’s control from becoming Spanning Tree Protocol root nodes Unidirectional Link Detection (UDLD) UDLD monitors physical connection to detect unidirectional links caused by incorrect wiring or cable/port faults to prevent forwarding loops and black holing of traffic in switched networks Storm control Prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port |
Jumbo frames | Jumbo frame support for up to 9,216 bytes |
Energy efficiency | Energy Detect Automatically turns off power on Gigabit Ethernet and 10 Gigabit Ethernet RJ-45 ports when detecting a link down Active mode is resumed without packet loss when the switch detects the link up EEE compliant (802.3az) Supports 802.3az Energy Efficient Ethernet on all copper Gigabit Ethernet ports Energy Efficient PoE (EEE PoE) The PoE switch provides power based on the actual power requirement of the device. It also dynamically adjusts power as needed, resulting in power savings for each switch. Fan control Smart fan speed control is dynamically managed based on switch temperature. These power-saving features are ideal for customers deploying PoE switches in settings where quiet operation is critical. |
Green and eco-friendly attributes | All switches are IEEE 802.3az (Energy Efficient Ethernet) compliant. Energy Detect technology automatically turns off power on Gigabit Ethernet and 10 Gigabit Ethernet RJ-45 ports when detecting a link down, active mode is resumed without packet loss when the switch detects the link up. IEEE 802.3af Power over Ethernet (PoE) and IEEE 802.3at PoE Plus (PoE+) compliant. Power Over Ethernet (PoE) – 802.3af/at compliant, Power Over Ethernet (PoE) – 802.3bt compliant. The switch provides power based on the actual power requirement of the device. The switch dynamically adjusts power as needed, resulting in power savings. All switches are designed for low power consumption and minimized environmental impact. Packaging designed to minimize environmental impact. RoHS compliant. Switch packaging includes minimal use of materials and those that are used are recycled and recyclable. Energy Efficient Power over Ethernet (EEE PoE): EEE PoE dynamically adjusts power as needed, resulting in power savings for each switch. EEE PoE: Energy Efficient Power over Ethernet (EEE PoE) dynamically adjusts power as needed, resulting in power savings for each switch. Energy Efficient Power over Ethernet (EEE PoE): EEE PoE dynamically adjusts power as needed, resulting in power savings for each switch. Smart fan control: Smart fan speed control is dynamically managed based on switch temperature. These power-saving features are ideal for customers deploying PoE switches in settings where quiet operation is critical. All models are designed to meet energy-saving standards and are compliant with IEEE 802.3az (Energy Efficient Ethernet). IEEE 802.3az (Energy Efficient Ethernet) compliant. RoHS compliant. |
Power Dedicated to PoE | 370W |
Number of Ports That Support PoE | 48 |
System Power Consumption | 110V=60.77W
220V=59.73W |
Power Consumption (with PoE) | 110V=451.95W
220V=445.85W |
Heat Dissipation (BTU/hr) | 1,542.12 |
Total System Ports | 52 x Gigabit Ethernet |
RJ-45 Ports | 48 x Gigabit Ethernet |
Combo Ports (RJ45 + Small form-factor pluggable [SFP]) | 4 x SFP |
Console port | Cisco standard RJ45 console port |
USB slot | USB Type-A slot on the front panel of the switch for easy file and image management |
Buttons | Reset button |
Cabling type | Unshielded Twisted Pair (UTP) Category 5e or better for 1000BASE-T |
LEDs | System, Link/Act, PoE, Speed |
Flash | 256 MB |
CPU | 800 MHz ARM |
DRAM | 512 MB |
Packet Buffer | 3 MB |
Unit dimensions (W x D x H) | 445 x 350 x 44 mm (17.5 x 13.78 x 1.73 in) |
Unit Weight | 5.43 kg (11.97 lb) |
Power | 100-240V 50-60 Hz |
Certification | UL (UL 62368), CSA (CSA 22.2), CE mark, FCC Part 15 (CFR 47) Class A |
Operating Temperature | 23° to 122°F (-5° to 50°C) |
Storage Temperature | -13° to 158°F (-25° to 70°C) |
Operating Humidity | 10% to 90%, relative, noncondensing |
Storage Humidity | 10% to 90%, relative, noncondensing |
FAN (Number) | 1 |
Acoustic Noise | 25°C: 37.3 dBA |
MTBF at 25°C (hours) | 856,329 |
Warranty | Limited lifetime with next business day advance replacement (where available) |
Package Contents | ● Cisco Business 350 Series Managed Switch
● Power Cord (Power adapter for select 8-port and 16-port SKUs) ● Mounting Kit ● Quick Start Guide |
Minimum Requirements | ● Web browser: Chrome, Firefox, Edge, Safari
● Category 5e Ethernet network cable ● TCP/IP, network adapter, and network operating system (such as Microsoft Windows, Linux, or Mac OS X) installed |