1-10
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
OL-9775-02
Chapter 1 Overview
Features
MAC authentication bypass to authorize clients based on the client MAC address.
Network Admission Control (NAC) features:
NAC Layer 2 IEEE 802.1x validation of the antivirus condition or posture of endpoint systems
or clients before granting the devices network access.
For information about configuring NAC Layer 2 IEEE 802.1x validation, see the “Configuring
NAC Layer 2 IEEE 802.1x Validation” section on page 10-40.
NAC Layer 2 IP validation of the posture of endpoint systems or clients before granting the
devices network access.
For information about configuring NAC Layer 2 IP validation, see the Network Admission
Control Software Configuration Guide.
IEEE 802.1x inaccessible authentication bypass.
For information about configuring this feature, see the “Configuring the Inaccessible
Authentication Bypass Feature” section on page 10-36.
Authentication, authorization, and accounting (AAA) down policy for a NAC Layer 2 IP
validation of a host if the AAA server is not available when the posture validation occurs.
For information about this feature, see the Network Admission Control Software Configuration
Guide.
TACACS+, a proprietary feature for managing network security through a TACACS server
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through AAA services
Kerberos security system to authenticate requests for network resources by using a trusted third
party (requires the cryptographic universal software image)
Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption,
and message integrity and HTTP client authentication to allow secure HTTP communications
(requires the cryptographic universal software image)
QoS and CoS Features
These are the QoS and CoS features:
Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues
Cross-stack QoS for configuring QoS features to all switches in a switch stack rather than on an
individual-switch basis (only Catalyst 3750-E switches)
Classification
IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS
marking priorities on a per-port basis for protecting the performance of mission-critical
applications
IP ToS/DSCP and IEEE 802.1p CoS marking based on flow-based packet classification
(classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service
levels for different types of network traffic and for prioritizing mission-critical traffic in the
network
Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port
bordering another QoS domain