Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
78-11380-10
Chapter 1 Overview
Features
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
(available only with the EI)
Multilevel security for a choice of security level, notification, and resulting actions
MAC-based port-level security for restricting the use of a switch port to a specific group of source
addresses and preventing switch access from unauthorized stations (available only with the EI)
TACACS+, a proprietary feature for managing network security through a TACACS server
IEEE 802.1x port-based authentication to prevent unauthorized devices from gaining access to the
network
802.1x accounting to track network usage
Standard and extended IP access control lists (ACLs) for defining security policies (available only
with the EI)
Quality of Service and Class of Service
Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues (only available in the EI)
Classification
IEEE 802.1p class of service (CoS) with four priority queues on the switch 10/100 and LRE
ports and eight priority queues on the Gigabit ports for prioritizing mission-critical and
time-sensitive traffic from data, voice, and telephony applications
IP Differentiated Services Code Point (IP DSCP) and CoS marking priorities on a per-port
basis for protecting the performance of mission-critical applications (only available with the EI)
Flow-based packet classification (classification based on information in the MAC, IP, and
TCP/UDP headers) for high-performance quality of service at the network edge, allowing for
differentiated service levels for different types of network traffic and for prioritizing
mission-critical traffic in the network (only available in the EI)
Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of
high-priority voice traffic
Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and
ensure port security. If the IP phone is not detected, disable the trusted setting on the port and
prevent misuse of a high-priority queue.)
Policing
Traffic-policing policies on the switch port for allocating the amount of the port bandwidth to
a specific traffic flow
Policing traffic flows to restrict specific applications or traffic flows to metered, predefined
rates
Up to 60 policers on ingress Gigabit-capable Ethernet ports
Up to six policers on ingress 10/100 ports
Granularity of 1 Mbps on 10/100 ports and 8 Mbps on 10/100/1000 ports
Out-of-profile markdown for packets that exceed bandwidth utilization limits
Note Policing is available only in the EI.
Egress Policing and Scheduling of Egress Queues—Four egress queues on all switch ports. Support
for strict priority and weighted round-robin (WRR) CoS policies