Datasheet
Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 7 of 16
• A private VLAN edge provides security and isolation between ports on a switch, ensuring
that voice traffic travels directly from its entry point to the aggregation device through a
virtual path and cannot be directed to a different port.
• Support for the 802.1x standard allows users to be authenticated, regardless of which LAN
port they are accessing, and provides unique benefits to customers who have a large base
of mobile (wireless) users accessing the network.
• 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user,
regardless of where the user is connected.
• 802.1x with voice VLAN gives an IP phone access to the voice VLAN, regardless of the
authorized or unauthorized state of the port.
• 802.1x with port security authenticates the port and manages network access for all MAC
addresses, including the clients’.
• SSH and SNMPv3 provide network security by encrypting administrator traffic during
Telnet and SNMP sessions.
• Port security secures the access to a port based on the MAC address of a user’s device. The
aging feature removes the MAC address from the switch after a specific timeframe to allow
another device to connect to the same port.
• MAC address notification allows administrators to be notified of new users added or
removed from the network.
• Spanning-tree root guard (STRG) prevents edge devices not in the network administrator’s
control from becoming Spanning-Tree Protocol root nodes.
• The Spanning-Tree Protocol PortFast/bridge protocol data unit (BPDU) guard feature
disables access ports with Spanning-Tree Protocol PortFast enabled upon reception of a
BPDU, and increases network reliability, manageability, and security.
• Multilevel console access security prevents unauthorized users from altering the switch
configuration.
• TACACS+ and RADIUS authentication enables centralized control of the switch and restricts
unauthorized users from altering the configuration.
• The user-selectable address-learning mode simplifies configuration and enhances security.
• Trusted Boundary provides the ability to trust the QoS prioritysettingsif a Cisco IP phone is
present and to disable the trust setting if the IP phone is removed, preventing a rogue user
from overriding prioritization policies in the network.
• IGMP Filtering provides multicast authentication by filtering out nonsubscribers and limits
the number of concurrent multicast streams available per port.
• Support for dynamic VLAN assignment through implementation of VLAN Membership
Policy Server (VMPS) client functionality provides flexibility in assigning ports to VLANs.
Dynamic VLAN enables fast assignment of IP addresses.
• Cisco CMS Software Security Wizards ease the deployment of security features for
restricting user access to a server, a portion of the network, or the entire network.
QoS
Overview • The switches support the aggregate QoS model by enabling classification, policing/
metering, and marking functions on a per-port basis at ingress and queuing/scheduling
functions at egress.
• The switches support configuring QoS ACPs on all ports, using ACPs to ensure proper
policing and marking on a per-packet basis. Up to four ACPs per switch are supported in
configuring either QoS ACPs or security filters.
• Automatic QoS (Auto-QoS) greatly simplifies the configuration of QoS in voice-over-IP
(VoIP) networks by issuing interface and global switch commands that allow the detection
of Cisco IP phones, the classification of traffic, and egress queue configuration.
Table 1 Product Features and Benefits
Feature Benefit