Features
• DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers (available only with the EI)
• Multilevel security for a choice of security level, notification, and resulting actions
• MAC-based port-level security for restricting the use of a switch port to a specific group of source addresses and preventing switch access from unauthorized stations (available only with the EI)
• TACACS+, a proprietary feature for managing network security through a TACACS server
• IEEE 802.1x port-based authentication to prevent unauthorized devices from gaining access to the network
• 802.1x accounting to track network usage
• Standard and extended IP access control lists (ACLs) for defining security policies (available only with the EI)
Quality of Service and Class of Service
• Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying traffic and configuring egress queues (only available in the EI)
• Classification
  – IEEE 802.1p class of service (CoS) with four priority queues on the switch 10/100 and LRE ports and eight priority queues on the Gigabit ports for prioritizing mission-critical and time-sensitive traffic from data, voice, and telephony applications
  – IP Differentiated Services Code Point (IP DSCP) and CoS marking priorities on a per-port basis for protecting the performance of mission-critical applications (only available with the EI)
  – Flow-based packet classification (classification based on information in the MAC, IP, and TCP/UDP headers) for high-performance quality of service at the network edge, allowing for differentiated service levels for different types of network traffic and for prioritizing mission-critical traffic in the network (only available in the EI)
  – Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of high-priority voice traffic
  – Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and ensure port security. If the IP phone is not detected, disable the trusted setting on the port and prevent misuse of a high-priority queue.)
• Policing
  – Traffic-policing policies on the switch port for allocating the amount of the port bandwidth to a specific traffic flow
  – Policing traffic flows to restrict specific applications or traffic flows to metered, predefined rates
  – Up to 60 policers on ingress Gigabit-capable Ethernet ports
    Up to six policers on ingress 10/100 ports
    Granularity of 1 Mbps on 10/100 ports and 8 Mbps on 10/100/1000 ports
  – Out-of-profile markdown for packets that exceed bandwidth utilization limits
  Note: Policing is available only in the EI.
• Egress Policing and Scheduling of Egress Queues—Four egress queues on all switch ports. Support for strict priority and weighted round-robin (WRR) CoS policies
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
Chapter 1
Overview
78-11380-10