1-8
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
OL-9639-07
Chapter 1 Overview
Features
• VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on
information in the MAC, IP, and TCP/UDP headers
• Source and destination MAC-based ACLs for filtering non-IP traffic
• IEEE 802.1x port-based authentication to prevent unauthorized devices (clients) from gaining
access to the network. These features are supported:
  – VLAN assignment for restricting 802.1x-authenticated users to a specified VLAN
  – Port security for controlling access to 802.1x ports
  – 802.1x accounting to track network usage
  – 802.1x readiness check to determine the readiness of connected end hosts before configuring 802.1x on the switch
  – Network Edge Access Topology (NEAT) with 802.1x switch supplicant, host authorization with Client Information Signalling Protocol (CISP), and auto enablement to authenticate a switch outside a wiring closet as a supplicant to another switch

Quality of Service and Class of Service Features
• Configurable control-plane queue assignment to assign CPU-generated control-plane traffic
to a specific egress queue
• Cisco modular quality of service (QoS) command-line (MQC) implementation
• Classification based on IP precedence, Differentiated Services Code Point (DSCP), and IEEE
802.1p class of service (CoS) packet fields, ACL lookup, or assigning a QoS label for output
classification
• Policing
  – One-rate policing based on average rate and burst rate for a policer
  – Two-color policing that allows different actions for packets that conform to or exceed the rate
  – Aggregate policing for policers shared by multiple traffic classes
• Weighted tail drop (WTD) as the congestion-avoidance mechanism for managing the queue lengths
and providing drop precedences for different traffic classifications
• Table maps for mapping DSCP, CoS, and IP precedence values
• Queuing and Scheduling
  – Shaped round robin (SRR) traffic shaping to mix packets from all queues to minimize traffic burst
  – Class-based traffic shaping to specify a maximum permitted average rate for a traffic class
  – Port shaping to specify the maximum permitted average rate for a port
  – Class-based weighted queuing (CBWFQ) to control bandwidth to a traffic class
  – WTD to adjust queue size for a specified traffic class
  – Low-latency priority queuing to allow preferential treatment to certain traffic
• Per-port, per-VLAN QoS to control traffic carried on a user-specified VLAN for a given interface.
Beginning with IOS software release 12.2(25)SEG, you can use hierarchical policy maps for
per-VLAN classification and apply the per-port, per-VLAN hierarchical policy maps to trunk ports.
• The option to disable CPU protection to increase the available QoS policers from 45 to 64 per port
(63 on every fourth port)