Catalyst 2960 Switch Software Configuration Guide
78-16881-01
Chapter 1 Overview
Features
  – Guest VLAN to provide limited services to non-IEEE 802.1x-compliant users
  – IEEE 802.1x accounting to track network usage
• TACACS+, a proprietary feature for managing network security through a TACACS server
• RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users through authentication, authorization, and accounting (AAA) services
• Secure Socket Layer (SSL) Version 3.0 support for the HTTP 1.1 server authentication, encryption, and message integrity, and HTTP client authentication to allow secure HTTP communications (requires the cryptographic version of the software)
QoS and CoS Features
• Automatic QoS (auto-QoS) to simplify the deployment of existing QoS features by classifying traffic and configuring egress queues
• Classification
  – IP type-of-service/Differentiated Services Code Point (IP ToS/DSCP) and IEEE 802.1p CoS marking priorities on a per-port basis for protecting the performance of mission-critical applications
  – IP ToS/DSCP and IEEE 802.1p CoS marking based on flow-based packet classification (classification based on information in the MAC, IP, and TCP/UDP headers) for high-performance quality of service at the network edge, allowing for differentiated service levels for different types of network traffic and for prioritizing mission-critical traffic in the network
  – Trusted port states (CoS, DSCP, and IP precedence) within a QoS domain and with a port bordering another QoS domain
  – Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value received, and ensuring port security
• Policing
  – Traffic-policing policies on the switch port for managing how much of the port bandwidth should be allocated to a specific traffic flow
  – Aggregate policing for policing traffic flows in aggregate to restrict specific applications or traffic flows to metered, predefined rates
• Out-of-Profile
  – Out-of-profile markdown for packets that exceed bandwidth utilization limits
• Ingress queueing and scheduling
  – Two configurable ingress queues for user traffic (one queue can be the priority queue)
  – Weighted tail drop (WTD) as the congestion-avoidance mechanism for managing the queue lengths and providing drop precedences for different traffic classifications
  – Shaped round robin (SRR) as the scheduling service for specifying the rate at which packets are sent to the internal ring (sharing is the only supported mode on ingress queues)