Cisco Systems, Inc.
All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 4 of 19
Controller Access Control System (TACACS+) or RADIUS server, 802.1x provides port-level security. SNMPv3
(non-crypto) monitors and controls network devices as well as manages configurations, performance, collection of
statistics and security.
With the multi-layer Cisco Catalyst 2950 LRE switches, network managers can implement high levels of console
security. Multilevel access security on the switch console and the web-based management interface prevents
unauthorized users from accessing or altering switch configuration TACACS+ or RADIUS authentication enables
centralized access control of the switch and restricts unauthorized users from altering the configuration. Deploying
security can be done through Cisco CMS Software Security Wizards, which ease the deployment of security features
that restrict user access to a server, a portion of the network, or access to the network.
Network Control through Advanced Quality of Service and Rate Limiting
The Catalyst 2950 LRE Series switches offer superior and highly granular QoS based on Layer 2-4 information, to
ensure that network traffic is classified, prioritized, and congestion is avoided in the best possible manner. The Catalyst
2950 LRE Series switches can classify, reclassify, police (determine if the packet is in or out of predetermined profiles
and affect actions on the packet), and mark or drop the incoming packets before the packet is placed in the shared
buffer. Packet classification allows the network elements to discriminate between various traffic flows and enforce
policies based on Layer 2 and Layer 3 QoS fields.
To implement QoS, these switches first identify traffic flows, or packet groups, and classify or reclassify these groups
using the DiffServ Code Point field (DSCP) in the IP packet and/or the 802.1p class of service (CoS) field in the
Ethernet packet. Classification and reclassification can also be based on criteria as specific as the source/destination
IP address, source/destination MAC address or the Layer 4 Transmission Control Protocol (TCP)/User Datagram
Protocol (UDP) ports. At the ingress (incoming port) level, the Catalyst switches will also perform policing and
marking of the packet.
After the packet goes through classification, policing, and marking, it is then assigned to the appropriate queue before
exiting the switch. The Catalyst 2950 LRE Series switches support four egress (outgoing port) queues per port, which
allows the network administrator to be more discriminating and specific in assigning priorities for the various
applications on the LAN. At the egress level, the switch performs scheduling, which is an algorithm/process that
determines the order in which the queues are processed. The switches support Weighted Round Robin (WRR)
scheduling or strict priority scheduling. The WRR scheduling algorithm ensures that the lower priority packets are
not entirely starved for bandwidth and are serviced without compromising the priority settings administered by the
network manager. Strict priority scheduling ensures that the highest priority packets will always get serviced first,
ahead of all other traffic, and that the other three queues will be serviced using WRR best effort.
These features allow network administrators to prioritize mission-critical and/or bandwidth-intensive traffic, such
as ERP (Oracle, SAP, and so on), voice (IP telephony traffic) and CAD/CAM over less time-sensitive applications
such as FTP or e-mail (SMTP). For example, it would be highly undesirable to have a large file download destined
to one port on a wiring closet switch and have quality implications such as increased latency in voice traffic, destined
to another port on this switch. This condition is avoided by ensuring that voice traffic is properly classified and
prioritized throughout the network. Other applications, such as web browsing, can be treated as low priority and
handled on a best-efforts basis.
To Next Page
Loading...
