Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-12
Chapter 1      Overview
    Features
• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers (available only with the EI)
• Multilevel security for a choice of security level, notification, and resulting actions
• MAC-based port-level security for restricting the use of a switch port to a specific group of source addresses and preventing switch access from unauthorized stations
• TACACS+, a proprietary feature for managing network security through a TACACS server
• IEEE 802.1x port-based authentication to prevent unauthorized devices from gaining access to the network
• IEEE 802.1x accounting to track network usage
• IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a specific Ethernet frame
• Standard and extended IP access control lists (ACLs) for defining security policies (available only with the EI)
Quality of Service and Class of Service
• Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying traffic and configuring egress queues (only available in the EI)
• Classification
  – IEEE 802.1p class of service (CoS) with four priority queues on the switch 10/100 and LRE ports and eight priority queues on the Gigabit ports for prioritizing mission-critical and time-sensitive traffic from data, voice, and telephony applications
  – IP Differentiated Services Code Point (IP DSCP) and CoS marking priorities on a per-port basis for protecting the performance of mission-critical applications (only available with the EI)
  – Flow-based packet classification (classification based on information in the MAC, IP, and TCP/UDP headers) for high-performance quality of service at the network edge, allowing for differentiated service levels for different types of network traffic and for prioritizing mission-critical traffic in the network (only available in the EI)
  – Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of high-priority voice traffic
  – Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and ensure port security. If the IP phone is not detected, disable the trusted setting on the port and prevent misuse of a high-priority queue.)
• Policing
  – Traffic-policing policies on the switch port for allocating the amount of the port bandwidth to a specific traffic flow
  – Policing traffic flows to restrict specific applications or traffic flows to metered, predefined rates
  – Up to 60 policers on ingress Gigabit-capable Ethernet ports
    Up to six policers on ingress 10/100 ports
    Granularity of 1 Mbps on 10/100 ports and 8 Mbps on 10/100/1000 ports
  – Out-of-profile markdown for packets that exceed bandwidth utilization limits