1-5
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-09
Chapter 1 Overview
Features
• Extended MAC access control lists for defining security policies in the inbound direction on Layer 2
interfaces
• VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
information in the MAC, IP, and TCP/User Datagram Protocol (UDP) headers
• Source and destination MAC-based ACLs for filtering non-IP traffic
• IEEE 802.1X port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network
• 802.1X with per-user access control lists for providing different levels of network access and service
to an 802.1X-authenticated user
• 802.1X with VLAN assignment for restricting 802.1X-authenticated users to a specified VLAN
• 802.1X with port security for controlling access to 802.1X multiple-host ports
• 802.1X with voice VLAN to permit an IP phone access to the voice VLAN irrespective of the
authorized or unauthorized state of the port
• 802.1X with guest VLAN to provide limited services to non-802.1X compliant users
• Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for
managing network security through a TACACS server
• Kerberos security system to authenticate requests for network resources by using a trusted third
party
• Remote Authentication Dial-In User Service (RADIUS), which provides detailed accounting
information and flexible administrative control over authentication and authorization processes
• 802.1Q tunneling to allow customers with users at remote sites across a service provider network to
keep VLANs segregated from other customers and Layer 2 protocol tunneling to ensure that the
customer’s network has complete STP, CDP, and VTP information about all users
Quality of Service (QoS) and Class of Service (CoS)
• Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues (voice over IP only)
• Classification
–
Classification on a physical interface or on a per-port per-VLAN basis
–
IP type-of-service/Differentiated Services Code Point (IP TOS/DSCP) and 802.1P CoS marking
priorities on a per-port basis for protecting the performance of mission-critical applications
–
IP TOS/DSCP and 802.1P CoS marking based on flow-based packet classification
(classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service
levels for different types of network traffic and for prioritizing mission-critical traffic in the
network
–
Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port
bordering another QoS domain
–
Trusted boundary for detecting the presence of a Cisco IP phone, trusting the CoS value
received, and ensuring port security
• Policing
–
Policing on a physical interface or on a per-port per-VLAN basis
–
Traffic-policing policies on the switch port for managing how much of the port bandwidth
should be allocated to a specific traffic flow
To Next Page
Loading...
Need help?
General
