Datasheet
Data Sheet
All contents are Copyright © 1992–2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 7 of 23
mechanisms for marking, classification, and scheduling deliver superior performance for data,
voice, and video traffic, all at wire speed.
Following are some of the QoS features supported in the Cisco Catalyst 3560-E Series Switches:
●
802.1p class of service (CoS) and differentiated services code point (DSCP) field
classification is provided, using marking and reclassification on a per-packet basis by
source and destination IP address, MAC address, or Layer 4 TCP/UDP port number.
●
Cisco control-plane and data-plane QoS ACLs on all ports help ensure proper marking on a
per-packet basis.
●
Four egress queues per port help enable differentiated management of up to four traffic
types across the switch.
●
Shaped Round Robin (SRR) scheduling helps ensure differential prioritization of packet
flows by intelligently servicing the ingress queues and egress queues.
●
Weighted Tail Drop (WTD) provides congestion avoidance at the ingress and egress
queues before a disruption occurs.
●
Strict priority queuing helps ensure that the highest-priority packets are serviced ahead of
all other traffic.
●
The Cisco committed information rate (CIR) function provides bandwidth in increments as
low as 8 Kbps.
●
Rate limiting is provided based on source and destination IP address, source and
destination MAC address, Layer 4 TCP/UDP information, or any combination of these
fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
●
Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet
port.
Advanced Security
The Cisco Catalyst 3560-E Series supports a comprehensive set of security features for
connectivity and access control, including ACLs, authentication, port-level security, and identity-
based network services with 802.1x and extensions. This set of comprehensive features not only
helps prevent external attacks, but defends the network against “man-in-the-middle” attacks, a
primary concern in today’s business environment. The switch also supports the Network
Admission Control (NAC) security framework.
●
DHCP Snooping prevents malicious users from spoofing a DHCP server and sending out
invalid addresses. This feature is used by other primary security features to prevent a
number of other attacks such as ARP poisoning.
●
Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users
from exploiting the insecure nature of the ARP protocol.
●
IP source guard prevents a malicious user from spoofing or taking over another user’s IP
address by creating a binding table between the client’s IP and MAC address, port, and
VLAN.
●
Private VLANs restrict traffic between hosts in a common segment by segregating traffic at
Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
●
Private VLAN Edge provides security and isolation between switch ports, which helps
ensure that users cannot snoop on other users’ traffic.