Cisco WS-C3560-12PC-S Datasheet Page 10
- Page / 22
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Data Sheet
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 10 of 22
QoS and Control
Advanced QoS
●
Standard 802.1p CoS and DSCP field classification are provided, using marking and
reclassification on a per-packet basis by source and destination IP address, source and
destination MAC address, or Layer 4 TCP or UDP port number.
●
Cisco control- and data-plane QoS ACLs on all ports help ensure proper marking on a
per-packet basis.
●
Four egress queues per port enable differentiated management of up to four traffic
types.
●
SRR scheduling helps ensure differential prioritization of packet flows by intelligently
servicing the ingress and egress queues.
●
Weighted tail drop (WTD) provides congestion avoidance at the ingress and egress
queues before a disruption occurs.
●
Strict priority queuing guarantees that the highest-priority packets are serviced ahead of
all other traffic.
●
There is no performance penalty for highly granular QoS functions.
Granular Rate Limiting
●
The Cisco Committed Information Rate (CIR) function guarantees bandwidth in
increments as low as 8 kbps.
●
Rate limiting is provided based on source and destination IP address, source and
destination MAC address, Layer 4 TCP and UDP information, or any combination of
these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
●
Asynchronous data flows upstream and downstream from the end station or on the
uplink are easily managed using ingress policing and egress shaping.
●
Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit
Ethernet port.
Security
Networkwide Security
Features
●
IEEE 802.1x allows dynamic, port-based security, providing user authentication.
●
IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific
user regardless of where the user is connected.
●
IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN
irrespective of the authorized or unauthorized state of the port.
●
IEEE 802.1x and port security are provided to authenticate the port and manage network
access for all MAC addresses, including those of the client.
●
IEEE 802.1x with an ACL assignment allows for specific identity-based security policies
regardless of where the user is connected.
●
IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited
network access on the guest VLAN.
●
Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-
based browser for authentication.
●
Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same
switch port while placing them on appropriate Voice and Data VLAN.
●
MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x
supplicant to get authenticated using their MAC address.
●
Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from
being bridged within VLANs.
●
Cisco standard and extended IP security router ACLs (RACLs) define security policies
on routed interfaces for control- and data-plane traffic.
●
Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on
individual switch ports.
●
Unicast MAC filtering prevents the forwarding of any type of packet with a matching
MAC address.
●
Unknown unicast and multicast port blocking allows tight control by filtering packets that
the switch has not already learned how to forward.
●
SSHv2, Kerberos, and SNMPv3 provide network security by encrypting administrator
traffic during Telnet and SNMP sessions. SSHv2, Kerberos, and the cryptographic
version of SNMPv3 require a special cryptographic software image because of U.S.
export restrictions.
●
Private VLAN Edge provides security and isolation between switch ports, helping ensure
that users cannot snoop on other users' traffic.
●
Private VLANs restrict traffic between hosts in a common segment by segregating traffic
at Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
●
Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco
Secure Intrusion Detection System (IDS) to take action when an intruder is detected.
●
TACACS+ and RADIUS authentication enable centralized control of the switch and
restrict unauthorized users from altering the configuration.
●
MAC address notification allows administrators to be notified of users added to or
removed from the network.
●
Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users
from exploiting the insecure nature of the ARP protocol.
●
DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC
Related products and manuals for Network switches Cisco WS-C3560-12PC-S
Network switches Cisco 071739 Datasheet
(4 pages)
(4 pages)
Network switches Cisco WS-X4515= Datasheet
(19 pages)
(19 pages)
Network switches Cisco WS-X4516= Datasheet
(16 pages)
(16 pages)
© 2020, manymanuals.com. All rights reserved. | 2.342 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals