Advanced Qos - Cisco CATALYST 2960 Series Datasheet

Port security can be used to limit access on an Ethernet port based on the MAC address of the device to which it is connected. It also can be used to
limit the total number of devices plugged into a switch port, thereby protecting the switch from a MAC flooding attack as well as reducing the risks
of rogue wireless access points or hubs.
With Dynamic Host Configuration Protocol (DHCP) snooping, DHCP spoofing can be thwarted by allowing only DHCP requests (but not
responses) from untrusted user-facing ports. Additionally, the DHCP Interface Tracker (Option 82) feature helps enable granular control over IP
address assignment by augmenting a host IP address request with the switch port ID.
The MAC Address Notification feature can be used to monitor the network and track users by sending an alert to a management station so that
network administrators know when and where users entered the network. Secure Shell Protocol Version 2 (SSHv2) and Simple Network
Management Protocol Version 3 (SNMPv3) encrypt administrative and network-management information, protecting the network from tampering or
eavesdropping. TACACS+ or RADIUS authentication enables centralized access control of switches and restricts unauthorized users from altering
the configurations. Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on
the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to
different administrators.
AVAILABILITY AND SCALABILITY
The Cisco Catalyst 2960 Series is equipped with a large set of features that allow for network scalability and higher availability through multicast
filtering as well as a complete suite of Spanning Tree Protocol enhancements aimed to maximize availability in a Layer 2 network.
Enhancements to the standard Spanning Tree Protocol, such as Per-VLAN Spanning Tree Plus (PVST+), UplinkFast, and PortFast, help to maximize
network uptime. PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design.
UplinkFast, PortFast, and BackboneFast all greatly reduce the standard 30- to 60-second Spanning Tree Protocol convergence time. Flexlink
provides bidirectional, fast convergence in less than 100 milliseconds. The Loopguard and bridge protocol data unit (BPDU) guard enhancements
provide Spanning Tree Protocol loop avoidance.

ADVANCED QOS

The Cisco Catalyst 2960 Series offers superior multilayer QoS features to help ensure that network traffic is classified and prioritized, and that
congestion is avoided in the best possible manner. Configuration of QoS is greatly simplified through automatic QoS (Auto QoS), a feature that
detects Cisco IP phones and automatically configures the switch for the appropriate classification and egress queuing. This optimizes traffic
prioritization and network availability without the challenge of a complex configuration.
The Cisco Catalyst 2960 Series can classify, reclassify, police, mark, queue, and schedule incoming packets and can queue and schedule packets at
egress. Packet classification allows the network elements to discriminate between various traffic flows and enforce policies based on Layer 2 and
Layer 3 QoS fields.
To implement QoS, the Cisco Catalyst 2960 Series Switch first identifies traffic flows or packet groups, then classifies or reclassifies these groups
using the differentiated services code point (DSCP) field or the 802.1p class of service (CoS) field. Classification and reclassification can be based
on criteria as specific as the source or destination IP address, source or destination MAC address, or the Layer 4 TCP or UDP port. At the ingress,
the Catalyst 2960 Series also polices to determine whether a packet is in or out of profile, marks to change the classification label, passes through or
drops out of profile packets, and queues packets based on classification. Control-plane and data-plane ACLs are supported on all ports to help ensure
proper treatment on a per-packet basis.
The Cisco Catalyst 2960 Series supports four egress queues per port, giving network administrators more control in assigning priorities for the
various applications on the LAN. At egress, the switch performs congestion control and scheduling, the algorithm or process that determines the
order in which queues are processed. The Catalyst 2960 Series Switch supports Shaped Round Robin (SRR) and strict priority queuing. The SRR
algorithm helps ensure differential prioritization.
© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
Page 3 of 16