1-7
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
OL-10101-02
Chapter 1 Overview
Features
IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
specific Ethernet frame
IEEE 802.1x with restricted VLAN to provide limited services to users who are IEEE 802.1x
compliant, but do not have the credentials to authenticate via the standard IEEE 802.1x processes.
Network Admission Control (NAC) Layer 2 IEEE 802.1x validation of the antivirus condition or
posture of endpoint systems or clients before granting the devices network access.
For information about configuring NAC Layer 2 IEEE 802.1x validation, see the “Configuring NAC
Layer 2 IEEE 802.1x Validation” section on page 9-27.
Standard and extended IP access control lists (ACLs) for defining security policies (available only
with the EI)
Quality of Service and Class of Service
Automatic quality of service (auto-QoS) to simplify the deployment of existing QoS features by
classifying traffic and configuring egress queues (only available in the EI)
Classification
IEEE 802.1p class of service (CoS) with four priority queues on the switch 10/100 and LRE
ports and eight priority queues on the Gigabit ports for prioritizing mission-critical and
time-sensitive traffic from data, voice, and telephony applications
IP Differentiated Services Code Point (IP DSCP) and CoS marking priorities on a per-port basis
for protecting the performance of mission-critical applications (only available with the EI)
Flow-based packet classification (classification based on information in the MAC, IP, and
TCP/UDP headers) for high-performance quality of service at the network edge, allowing for
differentiated service levels for different types of network traffic and for prioritizing
mission-critical traffic in the network (only available in the EI)
Support for IEEE 802.1p CoS scheduling for classification and preferential treatment of
high-priority voice traffic
Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and
ensure port security. If the IP phone is not detected, disable the trusted setting on the port and
prevent misuse of a high-priority queue.)
Policing
Traffic-policing policies on the switch port for allocating the amount of the port bandwidth to
a specific traffic flow
Policing traffic flows to restrict specific applications or traffic flows to metered, predefined
rates
Up to 60 policers on ingress Gigabit-capable Ethernet ports
Up to six policers on ingress 10/100 ports
Granularity of 1 Mbps on 10/100 ports and 8 Mbps on 10/100/1000 ports
Out-of-profile markdown for packets that exceed bandwidth utilization limits
Note Policing is available only in the EI.
Egress Policing and Scheduling of Egress Queues—Four egress queues on all switch ports. Support
for strict priority and weighted round-robin (WRR) CoS policies