Cisco Systems, Inc.
All contents are Copyright © 1992–2003 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Security
Networkwide security features
• A private VLAN edge provides security and isolation between ports on a switch, ensuring
that voice traffic travels directly from its entry point to the aggregation device through a
virtual path and cannot be directed to a different port.
• Support for the 802.1x standard allows users to be authenticated regardless of which LAN
ports they are accessing, and it provides unique benefits to customers who have a large
base of mobile (wireless) users accessing the network.
• 802.1x with voice VLAN permits an IP phone access to the voice VLAN regardless of the
authorized or unauthorized state of the port.
• 802.1x with Port Security authenticates the port and manages network access for all MAC
addresses, including that of the client.
• Port Security secures access to a port based on the MAC address of a user’s device.
The aging feature removes the MAC address from the switch after a specific time to allow
another device to connect to the same port.
• MAC Address Notification allows administrators to be notified when users are added to
or removed from the network.
• Multilevel security on console access prevents unauthorized users from altering the
switch configuration.
• Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is
present and disable the trust setting in the event that the IP phone is removed, thereby
preventing a rogue user from overriding prioritization policies in the network.
• and RADIUS authentication enables centralized control of the switch and
restricts unauthorized users from altering the configuration.
• SNMPv3 (non-crypto) monitors and controls network devices and manages configurations,
statistics collection, performance, and security.
• Cisco CMS software security wizards ease the deployment of security features for
restricting user access to a server, a portion of the network, or access to the network.
Quality of Service
Layer 2 QoS
• Frames can be reclassified based on either the 802.1p class-of-service (CoS) value or
a default per-port CoS value assigned by the network manager.
• Four queues per egress port are supported in hardware.
• The Weighted Round Robin (WRR) scheduling algorithm ensures that low-priority queues
are not starved.
• Strict priority queue configuration via Strict Priority Scheduling ensures that
time-sensitive applications such as voice always follow an expedited path through the
switch fabric.