Chapter 1
Overview
Table 1-1
Features (continued)
Security
Bridge Protocol Data Unit (BPDU) Guard for shutting down a Port Fast-configured port when an invalid configuration
•
occurs
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
•
Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection
•
against unauthorized configuration changes
Multilevel security for a choice of security level, notification, and resulting actions
•
MAC-based port-level security for restricting the use of a switch port to a specific group of source addresses and
•
preventing switch access from unauthorized stations
Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for managing network
•
security through a TACACS server
802.1X port-based authentication to prevent unauthorized devices from gaining access to the network
•
•
Standard and extended IP access control lists (ACLs) for defining security policies
Quality of Service and Class of Service
Classification
IP Differentiated Services Code Point (IP DSCP) and class of service (CoS) marking priorities on a per-port basis for
•
protecting the performance of mission-critical applications
•
Flow-based packet classification (classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service levels for different types of
network traffic and for prioritizing mission-critical traffic in the network
•
Support for IEEE 802.1P CoS scheduling for classification and preferential treatment of high-priority voice traffic
Policing
•
Traffic-policing policies on the switch port for allocating the amount of the port bandwidth to a specific traffic flow
•
Policing traffic flows to restrict specific applications or traffic flows to metered, predefined rates
•
Up to 60 policers on ingress Gigabit-capable Ethernet ports
Up to six policers on ingress 10/100 ports
Granularity of 1 Mbps on 10/100 ports and 8 Mbps on 10/100/1000 ports
•
Out-of-profile markdown for packets that exceed bandwidth utilization limits
Egress Policing and Scheduling of Egress Queues
Four egress queues on all switch ports. Support for strict priority and weighted round-robin (WRR) CoS policies
•
78-11380-03
1
1
1
1
Catalyst 2950 Desktop Switch Software Configuration Guide
1
1
1
1
1
Features
1
1-5