Specifications
GUARANTEED TECHNICAL PARTICULARS - ANNEXURE-VII
Control- and Data-plane QoS ACLs
No performance penalty for highly granular QoS functions
Four egress queues per port to enable differentiated management of up to four traffic types
Weighted tail drop (WTD) to provide congestion avoidance
Strict priority queuing mechanisms
Granular Rate Limiting function to guarantee bandwidth in increments as low as 1 Mbps
Rate limiting support based on source and destination IP address, source and destination MAC
address, Layer 4 TCP and UDP information, or any combination of these fields, using QoS ACLs (IP
ACLs or MAC ACLs), class maps, and policy maps.
Support for Asynchronous data flows upstream and downstream from the end station or on the
uplink using ingress policing and egress shaping.
Up to 64 aggregate or individual policers per Fast Ethernet or Gigabit Ethernet port.
Support for Automatic Quality of Service for easy configuration of QoS features for critical
applications
Network security features
IEEE 802.1x to allow dynamic, port-based security, providing user authentication
Support for Admission Control features to improve the network’s ability to automatically identify,
prevent, and respond to security threats and also to enable the switches to collaborate with third-
party solutions for security-policy compliance and enforc
Port-based ACLs (PACLs) for Layer 2 interfaces to allow application of security policies on individual
switch ports.
Unicast MAC filtering to prevent the forwarding of any type of packet with a matching MAC address
Unknown unicast and multicast port blocking to allow tight control by filtering packets that the switch
has not already learned how to forward
IGMP filtering to provide multicast authentication by filtering out nonsubscribers and to limit the
number of concurrent multicast streams available per port.
Support for SSHv2, SNMPv3 to provide network security by encrypting administrator traffic during
Telnet and SNMP sessions
The switch should support 2 sessions of port mirroring on a per-port / per-VLAN basis to support
intrusion prevention system deployment in different VLANs. Should support bidirectional data on
mirror port which allows IDS to take action when an intruder
Should be able to allow administrators to remotely monitor ports in a Layer 2 switch network from
any other switch in the same network
RADIUS authentication to enable centralized control of the switch and restrict unauthorized users
from altering the configuration.
MAC address notification to allow administrators to be notified of users added to or removed from
the network
DHCP snooping to allow administrators to ensure consistent mapping of IP to MAC addresses. This
can be used to prevent attacks that attempt to poison the DHCP binding database, and to rate limit
the amount of DHCP traffic that enters a switch port.
DHCP Interface Tracker (Option 82) to augment a host IP address request with the switch port ID
Port security to secure the access to an access or trunk port based on MAC address. After a specific
timeframe, the aging feature should remove the MAC address from the switch to allow another
device to connect to the same port.
Multilevel security on console access to prevent unauthorized users from altering the switch
configuration
BPDU Guard feature, to shut down Spanning Tree Protocol PortFast-enabled interfaces when
BPDUs are received to avoid accidental topology loops.
Spanning-Tree Root Guard (STRG) to prevent edge devices not in the network administrator's
control from becoming Spanning Tree Protocol root nodes.
Support for up to 512 access control entries (ACEs).
Management
CLI support to provide a common user interface and command set with all routers and switches of
the same vendor
Remote Monitoring (RMON) software agent to support four RMON groups (history, statistics, alarms,
and events) for enhanced traffic management, monitoring, and analysis.
Support for RMON groups through the use of a mirrored port, which permits traffic monitoring of a
single port, a group of ports, or the entire switch from a single network analyzer or RMON probe
Time-domain reflectometer (TDR) to diagnose and resolve cabling problems on copper ports
Layer 2 traceroute to ease troubleshooting by identifying the physical path that a packet takes from
source to destination
Domain Name System (DNS) to provide IP address resolution with user-defined device names
Trivial File Transfer Protocol (TFTP) to reduce the cost of administering software upgrades by
downloading from a centralized location
Network Time Protocol (NTP) to provide an accurate and consistent timestamp to all intranet
switches
Support RMON I and II standards