Cisco IE 3010 Switch Software Configuration Guide
OL-23145-01
Chapter 1 Overview
Features
Support for IP source guard on static hosts.
RADIUS Change of Authorization (CoA) to change the attributes of a certain session after it is
authenticated. When there is a change in policy for a user or user group in AAA, administrators can
send the RADIUS CoA packets from the AAA server, such as Cisco Secure ACS, to reinitialize
authentication and apply the new policies.
IEEE 802.1x User Distribution to allow deployments with multiple VLANs (for a group of users) to
improve scalability of the network by load balancing users across different VLANs. Authorized
users are assigned to the least populated VLAN in the group, assigned by RADIUS server.
Support for critical VLAN with multiple-host authentication so that when a port is configured for
multi-auth, and an AAA server becomes unreachable, the port is placed in a critical VLAN in order
to still permit access to critical resources.
Customizable web authentication enhancement to allow the creation of user-defined login, success,
failure and expire web pages for local web authentication.
Support for Network Edge Access Topology (NEAT) to change the port host mode and to apply a
standard port configuration on the authenticator switch port.
VLAN-ID based MAC authentication to use the combined VLAN and MAC address information for
user authentication to prevent network access from unauthorized VLANs.
MAC move to allow hosts (including the hosts connected behind an IP phone) to move across ports
within the same switch without any restrictions to enable mobility. With MAC move, the switch
treats the reappearance of the same MAC address on another port in the same way as a completely
new MAC address.
Support for 3DES and AES with version 3 of the Simple Network Management Protocol (SNMPv3).
This release adds support for the 168-bit Triple Data Encryption Standard (3DES) and the 128-bit,
192-bit, and 256-bit Advanced Encryption Standard (AES) encryption algorithms to SNMPv3.
QoS and CoS Features
Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying
traffic and configuring egress queues
Automatic quality of service (QoS) Voice over IP (VoIP) enhancement for port-based trust of DSCP
and priority queuing for egress traffic
Classification
IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS
marking priorities on a per-port basis for protecting the performance of mission-critical
applications
IP ToS/DSCP and IEEE 802.1p CoS marking based on flow-based packet classification
(classification based on information in the MAC, IP, and TCP/UDP headers) for
high-performance quality of service at the network edge, allowing for differentiated service
levels for different types of network traffic and for prioritizing mission-critical traffic in the
network
Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port
bordering another QoS domain
Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value
received, and ensuring port security
Policing