© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Feature | Benefit
QoS AND CONTROL
Advanced QoS
• Cross-stack QoS allows QoS to be configured across the entire stack.
• 802.1p class of service (CoS) and differentiated services code point (DSCP) field classification are
provided, using marking and reclassification on a per-packet basis by source and destination IP address,
source and destination MAC address, or Layer 4 Transmission Control Protocol/User Datagram Protocol
(TCP/UDP) port number.
• Cisco control-plane and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet
basis.
• 4 egress queues per port help enable differentiated management of up to 4 traffic types across the stack.
• Shaped Round Robin (SRR) scheduling helps ensure differential prioritization of packet flows by
intelligently servicing the ingress queues and egress queues.
• Weighted Tail Drop (WTD) provides congestion avoidance at the ingress and egress queues before a
disruption occurs.
• Strict priority queuing helps ensure that the highest-priority packets are serviced ahead of all other traffic.
• There is no performance penalty for highly granular QoS capability.
Granular Rate Limiting
• Cisco committed information rate (CIR) function provides bandwidth in increments as low as 8 Kbps.
• Rate limiting is provided based on source and destination IP address, source and destination MAC
address, Layer 4 TCP/UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or
MAC ACLs), class maps, and policy maps.
• Asynchronous data flows upstream and downstream from the end station or on the uplink are easily
managed using ingress policing and egress shaping.
• Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.
NETWORK SECURITY
Networkwide Security Features
• IEEE 802.1x allows dynamic, port-based security, providing user authentication.
• IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of
where the user is connected.
• IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized
or unauthorized state of the port.
• IEEE 802.1x and port security are provided to authenticate the port and manage network access for all
MAC addresses, including that of the client.
• IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of
where the user is connected.
• IEEE 802.1x with guest VLAN allows guests without 802.1x clients to have limited network access on the
guest VLAN.
• Cisco security VLAN ACLs on all VLANs prevent unauthorized data flows from being bridged within VLANs.
• Cisco standard and extended IP security router ACLs define security policies on routed interfaces for
control-plane and data-plane traffic.
• Port-based ACLs for Layer 2 interfaces allow security policies to be applied on individual switch ports.
• Secure Shell (SSH) Protocol, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3)
provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSH
Protocol, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software
image because of U.S. export restrictions.
• Private VLAN Edge provides security and isolation between switch ports, which helps ensure that users
cannot snoop on other users’ traffic.