Cisco 3560-48PS - Catalyst Switch Data Sheet - Page 10


© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
QoS and Control

Advanced QoS (Features)
● Standard 802.1p CoS and DSCP field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, source and destination MAC address, or Layer 4 TCP or UDP port number.
● Cisco control- and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.
● Four egress queues per port enable differentiated management of up to four traffic types.
● SRR scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress and egress queues.
● Weighted tail drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.
● Strict priority queuing guarantees that the highest-priority packets are serviced ahead of all other traffic.
● There is no performance penalty for highly granular QoS functions.

Granular Rate Limiting (Features)
● The Cisco Committed Information Rate (CIR) function guarantees bandwidth in increments as low as 8 kbps.
● Rate limiting is provided based on source and destination IP address, source and destination MAC address, Layer 4 TCP and UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
● Asynchronous data flows upstream and downstream from the end station or on the uplink are easily managed using ingress policing and egress shaping.
● Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.

Security

Networkwide Security (Features)
● IEEE 802.1x allows dynamic, port-based security, providing user authentication.
● IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
● IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.
● IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where the user is connected.
● IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
● Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for authentication.
● Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on appropriate Voice and Data VLAN.
● MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using their MAC address.
● Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within VLANs.
● Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces for control- and data-plane traffic.
● Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch ports.
● Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
● Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not already learned how to forward.
● SSHv2, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
● Private VLAN Edge provides security and isolation between switch ports, helping ensure that users cannot snoop on other users' traffic.
● Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
● Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion Detection System (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.
● MAC address notification allows administrators to be notified of users added to or removed from the network.
● Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
● DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC