Availability and Scalability, Advanced QOS

Port security can be used to limit access on an Ethernet port based on the MAC address of the device to which it is connected. It also can be used to limit the total number of devices plugged into a switch port, thereby protecting the switch from a MAC flooding attack as well as reducing the risks of rogue wireless access points or hubs.

With Dynamic Host Configuration Protocol (DHCP) snooping, DHCP spoofing can be thwarted by allowing only DHCP requests (but not responses) from untrusted user-facing ports. Additionally, the DHCP Interface Tracker (Option 82) feature helps enable granular control over IP address assignment by augmenting a host IP address request with the switch port ID.

The MAC Address Notification feature can be used to monitor the network and track users by sending an alert to a management station so that network administrators know when and where users entered the network. Secure Shell Protocol Version 2 (SSHv2) and Simple Network Management Protocol Version 3 (SNMPv3) encrypt administrative and network-management information, protecting the network from tampering or eavesdropping. TACACS+ or RADIUS authentication enables centralized access control of switches and restricts unauthorized users from altering the configurations. Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators.

AVAILABILITY AND SCALABILITY

The Cisco Catalyst 2960 Series is equipped with a large set of features that allow for network scalability and higher availability through multicast filtering as well as a complete suite of Spanning Tree Protocol enhancements aimed to maximize availability in a Layer 2 network.

Enhancements to the standard Spanning Tree Protocol, such as Per-VLAN Spanning Tree Plus (PVST+), UplinkFast, and PortFast, help to maximize network uptime. PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design. UplinkFast, PortFast, and BackboneFast all greatly reduce the standard 30- to 60-second Spanning Tree Protocol convergence time. Flexlink provides bidirectional, fast convergence in less than 100 milliseconds. The Loopguard and bridge protocol data unit (BPDU) guard enhancements provide Spanning Tree Protocol loop avoidance.

ADVANCED QOS

The Cisco Catalyst 2960 Series offers superior multilayer QoS features to help ensure that network traffic is classified and prioritized, and that congestion is avoided in the best possible manner. Configuration of QoS is greatly simplified through automatic QoS (Auto QoS), a feature that detects Cisco IP phones and automatically configures the switch for the appropriate classification and egress queuing. This optimizes traffic prioritization and network availability without the challenge of a complex configuration.

The Cisco Catalyst 2960 Series can classify, reclassify, police, mark, queue, and schedule incoming packets and can queue and schedule packets at egress. Packet classification allows the network elements to discriminate between various traffic flows and enforce policies based on Layer 2 and Layer 3 QoS fields.

To implement QoS, the Cisco Catalyst 2960 Series Switch first identifies traffic flows or packet groups, then classifies or reclassifies these groups using the differentiated services code point (DSCP) field or the 802.1p class of service (CoS) field. Classification and reclassification can be based on criteria as specific as the source or destination IP address, source or destination MAC address, or the Layer 4 TCP or UDP port. At the ingress, the Catalyst 2960 Series also polices to determine whether a packet is in or out of profile, marks to change the classification label, passes through or drops out of profile packets, and queues packets based on classification. Control-plane and data-plane ACLs are supported on all ports to help ensure proper treatment on a per-packet basis.

The Cisco Catalyst 2960 Series supports four egress queues per port, giving network administrators more control in assigning priorities for the various applications on the LAN. At egress, the switch performs congestion control and scheduling, the algorithm or process that determines the order in which queues are processed. The Catalyst 2960 Series Switch supports Shaped Round Robin (SRR) and strict priority queuing. The SRR algorithm helps ensure differential prioritization.

Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.

Page 3 of 16

2960 specifications

Cisco Systems 2960 series switches are a prominent solution in the networking landscape, known for their reliability, scalability, and feature-rich offerings. Ideal for small to medium-sized enterprises, these switches provide a robust foundation for network infrastructure, ensuring optimal performance and connectivity.

One of the standout features of the Cisco 2960 series is its Layer 2 switching capabilities. The switches support multiple VLANs (Virtual Local Area Networks), allowing network administrators to segment traffic efficiently and enhance security protocols. This is crucial in modern networks where managing traffic and isolating sensitive information is a priority.

The Cisco 2960 series also incorporates advanced Quality of Service (QoS) features, enabling the prioritization of critical applications and services. This functionality ensures that time-sensitive data, such as voice and video traffic, maintains a high quality of service even in congested networks. With support for IEEE 802.1p and DSCP marking, administrators can fine-tune their network performance to meet specific organizational needs.

Power over Ethernet (PoE) is another significant characteristic of the Cisco 2960 series. This feature allows switches to deliver electrical power alongside data over Ethernet cables to devices such as IP phones, wireless access points, and surveillance cameras. With PoE, organizations can reduce clutter from power cables and increase deployment flexibility for various devices.

In terms of security, the Cisco 2960 series is equipped with a range of integrated security features. The switch supports port security, 802.1X authentication, and Access Control Lists (ACLs), providing robust defenses against unauthorized access and potential network vulnerabilities. These security measures are essential for protecting sensitive data and ensuring compliance with industry regulations.

Moreover, the Cisco 2960 series offers enhanced network management capabilities with Cisco's Intelligent Network Services. This includes support for Simple Network Management Protocol (SNMP), Cisco Prime, and Embedded Event Manager (EEM), allowing for efficient monitoring, troubleshooting, and policy enforcement across the network.

Additionally, the Cisco 2960 switches provide various models and configurations, catering to different networking needs. Options include models with varying port densities, uplink configurations, and stacking capabilities, making it easy for organizations to choose solutions that align perfectly with their requirements.

In summary, the Cisco 2960 series is a versatile and essential component of modern networking environments. Its advanced features, including Layer 2 support, QoS, PoE, robust security, and diverse management tools, make it an excellent choice for organizations looking to build a strong and secure network infrastructure.