Cisco Systems 2955 Manual

A SERVICE OF

next previous

1-7

Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide

OL-10101-02

Chapter 1 Overview

Features

• IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a

specific Ethernet frame

• IEEE 802.1x with restricted VLAN to provide limited services to users who are IEEE 802.1x

compliant, but do not have the credentials to authenticate via the standard IEEE 802.1x processes.

• Network Admission Control (NAC) Layer 2 IEEE 802.1x validation of the antivirus condition or

posture of endpoint systems or clients before granting the devices network access.

For information about configuring NAC Layer 2 IEEE 802.1x validation, see the “Configuring NAC

Layer 2 IEEE 802.1x Validation” section on page 9-27.

• Standard and extended IP access control lists (ACLs) for defining security policies (available only

with the EI)

Quality of Service and Class of Service

• Automatic quality of service (auto-QoS) to simplify the deployment of existing QoS features by

classifying traffic and configuring egress queues (only available in the EI)

• Classification

–

IEEE 802.1p class of service (CoS) with four priority queues on the switch 10/100 and LRE

ports and eight priority queues on the Gigabit ports for prioritizing mission-critical and

time-sensitive traffic from data, voice, and telephony applications

–

IP Differentiated Services Code Point (IP DSCP) and CoS marking priorities on a per-port basis

for protecting the performance of mission-critical applications (only available with the EI)

–

Flow-based packet classification (classification based on information in the MAC, IP, and

TCP/UDP headers) for high-performance quality of service at the network edge, allowing for

differentiated service levels for different types of network traffic and for prioritizing

mission-critical traffic in the network (only available in the EI)

–

Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of

high-priority voice traffic

–

Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and

ensure port security. If the IP phone is not detected, disable the trusted setting on the port and

prevent misuse of a high-priority queue.)

• Policing

–

Traffic-policing policies on the switch port for allocating the amount of the port bandwidth to

a specific traffic flow

–

Policing traffic flows to restrict specific applications or traffic flows to metered, predefined

rates

–

Up to 60 policers on ingress Gigabit-capable Ethernet ports

Up to six policers on ingress 10/100 ports

Granularity of 1 Mbps on 10/100 ports and 8 Mbps on 10/100/1000 ports

–

Out-of-profile markdown for packets that exceed bandwidth utilization limits

Note Policing is available only in the EI.

• Egress Policing and Scheduling of Egress Queues—Four egress queues on all switch ports. Support

for strict priority and weighted round-robin (WRR) CoS policies