Data Sheet
Data Sheet
© 1992-2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 15
Feature
Benefit
●
Trusted Boundary provides the ability to trust the QoS priority settings if a
Cisco IP phone is present and to disable the trust setting if the IP phone is
removed, preventing a rogue user from overriding prioritization policies in the
network.
●
IGMP Filtering provides multicast authentication by filtering out
nonsubscribers and limits the number of concurrent multicast streams
available per port.
●
Support for dynamic VLAN assignment through implementation of VLAN
Membership Policy Server (VMPS) client functionality provides flexibility in
assigning ports to VLANs. Dynamic VLAN enables fast assignment of IP
addresses.
●
SPAN support of intrusion detection systems (IDSs) to monitor, repel, and
report network security violations.
●
Cisco Network Assistant software security wizards ease the deployment of
security features for restricting user access to a server, a portion of the
network, or the network.
QoS
Overview
●
The switches support the aggregate QoS model by enabling classification,
policing/metering, and marking functions on a per-port basis at ingress and
queuing/scheduling functions at egress.
●
The switches support configuring QoS ACPs on all ports, using ACPs to help
ensure proper policing and marking on a per-packet basis. Up to four ACPs
per switch are supported in configuring either QoS ACPs or security filters.
●
Automatic QoS (Auto-QoS) greatly simplifies the configuration of QoS in
voice-over-IP (VoIP) networks by issuing interface and global switch
commands that allow the detection of Cisco IP phones, the classification of
traffic, and egress queue configuration.
QoS Classification
Support at Ingress
●
The switches support QoS classification of incoming packets for QoS flows
based on Layer 2, Layer 3, and Layer 4 fields.
●
The following Layer 2 fields (or a combination) can be used for classifying
incoming packets to define QoS flows: source/destination MAC address or
16-bit Ethertype.
●
The switches support identification of traffic based on Layer 3 type of service
(ToS) field DSCP values.
●
The following Layer 3 and Layer 4 fields (or a combination) can be used to
classify incoming packets to define QoS flows: source/destination IP address,
TCP source/destination port number, or UDP source/destination port number.
QoS metering/policing at ingress
●
Support for metering/policing of incoming packets restricts incoming traffic
flows to a certain rate.
●
The switches support up to six policers per Fast Ethernet port, and 60
policers on a Gigabit Ethernet port.
●
The switches offer granularity of traffic flows at 1 Mbps on Fast Ethernet
ports, and 8 Mbps on Gigabit Ethernet ports.
QoS marking at ingress
●
The switches support marking and remarking packets based on the state of
policers/meters.
●
The switches support marking and remarking based on the following
mappings: from DSCP to 802.1p, and from 802.1p to DSCP.
●
The switches support 14 well-known and widely used DSCP values.
●
The switches support classifying or reclassifying packets based on the default
DSCP per port, and support classification based on DSCP values in the ACL.
●
The switches support classifying or reclassifying frames based on the default
802.1p value per port.
●
The switches support 802.1p override at ingress.
QoS scheduling support at egress
●
Four queues per egress port are supported in hardware.
●
The WRR queuing algorithm helps ensure that low-priority queues are not
starved.
●
Strict Priority Scheduling helps ensure that time-sensitive applications such
as voice always follow an expedited path through the switch fabric.
Sophisticated traffic management
●
The switch offers the ability to limit data flows based on MAC source or
destination address, IP source or destination address, TCP/UDP port
numbers, or any combination of these fields.
●
The switch offers the ability to manage data flows asynchronously upstream
and downstream from the end station or on the uplink.