Cisco WS-C2950SX-24 Brochure - Page 4

With multilayer Cisco Catalyst 2950 Series switches, network managers can implement high levels of console security. Multilevel access security on the switch console and the Web-based management interface prevent unauthorized users from accessing or altering switch configurations. TACACS+ or RADIUS authentication enables centralized access control of the switch and restricts unauthorized users from altering the configuration. Security can be deployed through Cisco Network Assistant Software security wizards, which ease the deployment of security features that restrict user access to a server, a portion of the network, or access to the network. Network Control Through Advanced Quality of Service and Rate Limiting The Cisco Catalyst 2950 Series offers superior, highly granular QoS based on Layer 2 to 4 information, helping to ensure that network traffic is classified and prioritized, and that congestion is avoided in the best possible manner. Configuration of QoS is greatly simplified through automatic QoS (auto-QoS), a feature that detects Cisco IP phones and automatically configures the switch for the appropriate classification and egress queuing. This optimizes traffic prioritization and network availability without the challenge of a complex configuration. Cisco Catalyst 2950 Series switches can classify, reclassify, police (determine if the packet is in or out of predetermined profiles and affect actions on the packet), and mark or drop the incoming packets before the packet is placed in the shared buffer. Packet classification allows the network elements to discriminate between various traffic flows and to enforce policies based on Layer 2 and Layer 3 QoS fields. To implement QoS, these switches first identify traffic flows, or packet groups, and classify or reclassify these groups using the DiffServ Code Point (DSCP) field in the IP packet and/or the 802.1p class of service (CoS) field in the Ethernet packet. Classification and reclassification can also be based on criteria as specific as the source/destination IP address, source/destination MAC address, or the Layer 4 Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) ports. At the ingress (incoming port) level, the Catalyst switches also perform policing and marking of the packet. After the packet goes through classification, policing, and marking, it is assigned to the appropriate queue before exiting the switch. Cisco Catalyst 2950 Series switches support four egress (outgoing port) queues per port, which allows the network administrator to be more discriminating and specific in assigning priorities for the various applications on the LAN. At the egress level, the switch performs scheduling, which is an algorithm (process) that determines the order in which the queues are processed. The switches support Weighted Round Robin (WRR) scheduling or strict priority scheduling. The WRR scheduling algorithm ensures that lower-priority packets are not entirely starved for bandwidth and are serviced without compromising the priority settings administered by the network manager. Strict priority scheduling ensures that the highest priority packets will always get serviced ahead of all other traffic, and that the other three queues will be serviced using WRR best effort. These features allow network administrators to prioritize mission-critical and/or bandwidth-intensive traffic, such as enterprise resource planning (ERP) (Oracle, SAP, and so on), voice (IP telephony traffic), and CAD/CAM over less time-sensitive applications such as FTP or e-mail (Simple Mail Transport Protocol [SMTP]). For example, it would be highly undesirable to have a large file download destined to one port on a wiring closet switch and have quality implications, such as increased latency in voice traffic, destined to another port on this switch. This condition is avoided by ensuring that voice traffic is properly classified and prioritized throughout the network. Other applications, such as Web browsing, can be treated as low-priority and handled on a best-effort basis. Cisco Catalyst 2950 Series switches are capable of allocating bandwidth based on several criteria, including MAC source/destination address, IP source/destination address, and TCP/UDP port number. Bandwidth allocation is essential in network environments requiring service-level agreements, or when it is necessary for the network manager to control the bandwidth given to certain users. Cisco Catalyst 2950 Series switches support up to six policers per Fast Ethernet port and up to 60 policers on a Gigabit Ethernet port. This gives the network administrator granular control of LAN bandwidth. Network Availability To provide efficient use of resources for bandwidth-intensive applications like multicasts, Cisco Catalyst 2950 Series Intelligent Ethernet Switches support Internet Group Management Protocol Version 3 (IGMPv3) snooping in hardware. Through the support and configuration of IGMP snooping © 2004 Cisco Systems, Inc. All rights reserved. Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com. Page 4 of 18