Cisco 3560G-24PS - Catalyst Switch Datasheet - Page 10

© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
QoS and Control

Advanced QoS
● Standard 802.1p CoS and DSCP field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, source and destination MAC address, or Layer 4 TCP or UDP port number.
● Cisco control- and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.
● Four egress queues per port enable differentiated management of up to four traffic types.
● SRR scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress and egress queues.
● Weighted tail drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.
● Strict priority queuing guarantees that the highest-priority packets are serviced ahead of all other traffic.
● There is no performance penalty for highly granular QoS functions.

Granular Rate Limiting
● The Cisco Committed Information Rate (CIR) function guarantees bandwidth in increments as low as 8 kbps.
● Rate limiting is provided based on source and destination IP address, source and destination MAC address, Layer 4 TCP and UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
● Asynchronous data flows upstream and downstream from the end station or on the uplink are easily managed using ingress policing and egress shaping.
● Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.

Security

Networkwide Security Features
● IEEE 802.1x allows dynamic, port-based security, providing user authentication.
● IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
● IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.
● IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where the user is connected.
● IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
● Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for authentication.
● Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on appropriate Voice and Data VLAN.
● MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using their MAC address.
● Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within VLANs.
● Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces for control- and data-plane traffic.
● Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch ports.
● Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
● Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not already learned how to forward.
● SSHv2, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
● Private VLAN Edge provides security and isolation between switch ports, helping ensure that users cannot snoop on other users' traffic.
● Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
● Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion Detection System (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.
● MAC address notification allows administrators to be notified of users added to or removed from the network.
● Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
● DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC