Cisco 2975 - Catalyst LAN Base Switch Data Sheet - Page 9

© 2008 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
QoS and Control
Enhanced QoS
● Standard 802.1p CoS and DSCP field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, source and destination MAC address, or Layer 4 TCP or UDP port number.
● Cisco control-plane and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.
● Four egress queues per port enable differentiated management of up to four traffic types.
● SRR scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress and egress queues.
● Weighted tail drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.
● Strict priority queuing guarantees that the highest-priority packets are serviced ahead of all other traffic.
● There is no performance penalty for highly granular QoS functions.
Granular Rate Limiting
● The Cisco CIR function guarantees bandwidth in increments as small as 1 Mbps.
● Rate limiting is provided based on source and destination IP address, source and destination MAC address, Layer 4 TCP and UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
● Asynchronous data flows upstream and downstream from the end station or on the uplink are easily managed using ingress policing and egress shaping.
● Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.
Security
Networkwide Security Features
● IEEE 802.1x allows dynamic, port-based security, providing user authentication.
● IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
● IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.
● IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
● Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for authentication.
● MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using their MAC address.
● Port-based ACLs for Layer 2 interfaces allow application of security policies on individual switch ports.
● Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
● Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not already learned how to forward.
● SSHv2 and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2 and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.
● Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure intrusion detection system (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.
● MAC address notification allows administrators to be notified of users added to or removed from the network.
● DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC addresses. This can be used to prevent attacks that attempt to poison the DHCP binding database, and to rate-limit the amount of DHCP traffic that enters a switch port.
● DHCP Interface Tracker (Option 82) feature augments a host IP address request with the switch port ID.
● Port security secures the access to an access or trunk port based on MAC address.
● After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.
● Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is present and to disable the trust setting if the IP phone is removed, thereby preventing a malicious user from overriding prioritization policies in the network.
● Multilevel security on console access prevents unauthorized users from altering the switch configuration.
● The user-selectable address-learning mode simplifies configuration and enhances security.
● BPDU Guard shuts down Spanning Tree Protocol PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
● Spanning-Tree Root Guard (STRG) prevents edge devices not in the network administrator's control from becoming Spanning Tree Protocol root nodes.
Data Sheet
Page 9 of 14