    CISCO WS-C3560-8PC-S

    The Cisco® Catalyst® 3560 Series is a line of fixed-configuration, enterprise-class switches that include IEEE 802.3af and Cisco prestandard Power over Ethernet (PoE) functionality in Fast Ethernet and Gigabit Ethernet configurations. The Cisco Catalyst 3560 is an ideal access layer switch for small enterprise LAN access or branch-office environments, combining both 10/100/1000 and PoE configurations for maximum productivity and investment protection while enabling the deployment of new applications such as IP telephony, wireless access, video surveillance, building management systems, and remote video kiosks. Customers can deploy networkwide intelligent services, such as advanced quality of service (QoS), rate limiting, access control lists (ACLs), multicast management, and high-performance IP routing, while maintaining the simplicity of traditional LAN switching. Available for the Cisco Catalyst 3560 Series at no charge, the Cisco Network Assistant is a centralized management application that simplifies the administration tasks for Cisco switches, routers, and wireless access points. Cisco Network Assistant provides configuration wizards that greatly simplify the implementation of converged networks and intelligent network services.

    The Cisco Catalyst 3560 is part of a larger and more scalable family of Cisco Catalyst switches that includes the Cisco Catalyst 3560-E Series switches, the Cisco Catalyst 3750 and 3750-E Series switches with Cisco StackWise™ technology, and the Cisco Catalyst 4500 and Catalyst 6500 modular switches. United by Cisco IOS® Software, the entire family offers industry-leading availability, integrated security, optimized delivery, and manageability.


    • Cisco Catalyst 3560-8PC: 8 Ethernet 10/100 ports with PoE and 1 dual-purpose 10/100/1000 and SFP port; compact form factor with no fan

    • Cisco Catalyst 3560-12PC: 12 Ethernet 10/100 ports with PoE and 1 dual-purpose 10/100/1000 and SFP port; compact form factor with no fan

    • Cisco Catalyst 3560-24TS: 24 Ethernet 10/100 ports and 2 Small Form-Factor Pluggable (SFP)-based Gigabit Ethernet ports; 1 rack unit (RU)

    • Cisco Catalyst 3560-48TS: 48 Ethernet 10/100 ports and 4 SFP-based Gigabit Ethernet ports; 1RU

    • Cisco Catalyst 3560-24PS: 24 Ethernet 10/100 ports with PoE and 2 SFP-based Gigabit Ethernet ports; 1 RU

    • Cisco Catalyst 3560-48PS: 48 Ethernet 10/100 ports with PoE and 4 SFP-based Gigabit Ethernet ports; 1RU

    • Cisco Catalyst 3560G-24TS: 24 Ethernet 10/100/1000 ports and 4 SFP-based Gigabit Ethernet ports; 1RU

    • Cisco Catalyst 3560G-48TS: 48 Ethernet 10/100/1000 ports and 4 SFP-based Gigabit Ethernet ports; 1RU

    • Cisco Catalyst 3560G-24PS: 24 Ethernet 10/100/1000 ports with PoE and 4 SFP-based Gigabit Ethernet ports; 1RU

    • Cisco Catalyst 3560G-48PS: 48 Ethernet 10/100/1000 ports with PoE and 4 SFP-based Gigabit Ethernet ports; 1RU

    The Cisco Catalyst 3560 Series can be purchased with the IP Base or IP Services licenses pre-installed. The IP Base license offers advanced QoS, rate limiting, ACLs, and basic static and Routing Information Protocol (RIP) routing functions. The IP Services license provides a richer set of enterprise-class features, including advanced hardware-based IPv6 unicast and IPv6 Multicast routing as well as policy-based routing (PBR). The IP Services license upgrades Cisco Catalyst 3560 Series switches to include IPv6 routing support. Upgrade licenses are available to upgrade a switch from the IP Base license to the IP Services license.

    The SFP-based GE ports accommodate a range of SFP transceivers, including the Cisco 1000BASE-T, 1000BASE-SX, 1000BASE-LX, 1000BASE-ZX, and CWDM SFP transceivers. These ports also support the Cisco Catalyst 3560 SFP Interconnect Cable for establishing a low-cost Gigabit Ethernet point-to-point connection.

    Power over Ethernet

    The Cisco Catalyst 3560 Series can provide a lower total cost of ownership (TCO) for deployments that incorporate Cisco IP phones, Cisco Aironet® wireless LAN (WLAN) access points, or any IEEE 802.3af-compliant end device. PoE removes the need for wall power to each PoE-enabled device and eliminates the cost for additional electrical cabling that would otherwise be necessary in IP phone and WLAN deployments. The Cisco Catalyst 3560 8-port PoE and 24-port PoE configurations can support 8 and 24 simultaneous full-powered PoE ports at 15.4W for maximum powered-device support. The Cisco Catalyst 3560 12-port PoE can support 8 ports at 15.4W or 12 ports at 10W or any combination in between. Taking advantage of Cisco Catalyst Intelligent Power Management, the 48-port PoE configurations can deliver the necessary power to support 24 ports at 15.4W, 48 ports at 7.7W, or any combination in between. Maximum power availability for a converged voice and data network is attainable when a Cisco Catalyst 3560 switch is combined with the Cisco RPS 2300 Redundant Power System for transparent protection against internal power supply failures and an uninterruptible power supply (UPS) system to safeguard against power outages.

    Gigabit Ethernet

    At speeds of 1000 Mbps, Gigabit Ethernet provides the bandwidth to meet new and evolving network demands, alleviate bottlenecks, and boost performance while increasing the return on existing infrastructure investments. Today's workers are placing higher demands on networks, running multiple, concurrent applications. For example, a worker joins a team conference call through an IP videoconference, sends a 10-MB spreadsheet to meeting participants, broadcasts the latest marketing video for the team to evaluate, and queries the customer-relationship-management database for the latest real-time feedback. Meanwhile, a multigigabyte system backup starts in the background and the latest virus updates are delivered to the client. The Cisco Catalyst 3560 provides a means to intelligently scale the network beyond 100 Mbps over existing Category 5 copper cabling and simultaneously support PoE for maximum productivity and investment protection.

    Intelligence in the Network

    Networks of today are evolving to address four new developments at the network edge:

    • Increase in desktop computing power

    • Introduction of bandwidth-intensive applications

    • Expansion of highly sensitive data on the network

    • Presence of multiple device types, such as IP phones, WLAN access points, and IP video cameras

    These new demands are contending for resources with many existing mission-critical applications. As a result, IT professionals must view the edge of the network as critical to effectively manage the delivery of information and applications.

    As companies increasingly rely on networks as the strategic business infrastructure, it is more important than ever to help ensure their high availability, security, scalability, and control. By adding Cisco intelligent functions for LAN access, customers can now deploy networkwide intelligent services that consistently address these requirements from the desktop to the core and through the WAN.

    With Cisco Catalyst Intelligent Ethernet switches, Cisco Systems® helps enable companies to realize the full benefits of adding intelligent services into their networks. Deployment of capabilities that make the network infrastructure highly available to accommodate time-critical needs, scalable to accommodate growth, secure enough to protect confidential information, and capable of differentiating and controlling traffic flows is critical to further optimizing network operations.

    Cisco EnergyWise Technology

    Cisco EnergyWise is an innovative architecture, added to the Cisco Catalyst 3560 switches, promoting companywide sustainability by reducing energy consumption across an entire corporate infrastructure and affecting more than 50 percent of global greenhouse gas emissions created by worldwide building infrastructure, a much greater effect than the 2 percent generated by the IT industry. Cisco EnergyWise enables companies to measure the power consumption of network infrastructure and network-attached devices and manage power consumption with specific policies, reducing power consumption to realize increased cost savings, potentially affecting any powered device.

    EnergyWise encompasses a highly intelligent network-based approach to communicate messages that measure and control energy between network devices and endpoints. The network discovers Cisco EnergyWise manageable devices, monitors their power consumption, and takes action based on business rules to reduce power consumption. EnergyWise uses a unique domain-naming system to query and summarize information from large sets of devices, making it simpler than traditional network management capabilities. Cisco EnergyWise's management interfaces allow facilities and network management applications to communicate with endpoints and each other using the network as a unifying fabric. The management interface uses standard SNMP or SSL to integrate Cisco and third-party management systems.

    Cisco EnergyWise extends the network into a platform for a power control plane that gathers, manages, and reduces the power consumption of all devices, resulting in companywide optimized power delivery and reduced energy costs.

    Enhanced Security

    With the wide range of security features that the Cisco Catalyst 3560 Series offers, businesses can protect important information, keep unauthorized people off the network, guard privacy, and maintain uninterrupted operation.

    Cisco Identity Based Networking Services (IBNS) provides authentication, access control, and security policy administration to secure network connectivity and resources. Cisco IBNS in the Cisco Catalyst 3560 Series prevents unauthorized access and helps ensure that users get only their designated privileges. It provides the ability to dynamically administer granular levels of network access. Using the 802.1x standard and the Cisco Access Control Server (ACS), users can be assigned a VLAN or an ACL upon authentication, regardless of where they connect to the network. This setup allows IT departments to enable strong security policies without compromising user mobility and with minimal administrative overhead.

    To guard against denial-of-service and other attacks, ACLs can be used to restrict access to sensitive portions of the network by denying packets based on source and destination MAC addresses, IP addresses, or TCP/UDP ports. ACL lookups are done in hardware, so forwarding performance is not compromised when implementing ACL-based security.

    Port security can be used to limit access on an Ethernet port based on the MAC address of the device to which it is connected. It also can be used to limit the total number of devices plugged into a switch port, thereby protecting the switch from a MAC flooding attack as well as reducing the risks of rogue wireless access points or hubs.

    With Dynamic Host Configuration Protocol (DHCP) snooping, DHCP spoofing can be thwarted by allowing only DHCP requests (but not responses) from untrusted user-facing ports. Additionally, the DHCP Interface Tracker (Option 82) helps enable granular control over IP address assignment by augmenting a host IP address request with the switch port ID. Building further on the DHCP snooping capabilities, IP address spoofing can be thwarted using Dynamic ARP Inspection and IP Source Guard.

    The MAC Address Notification feature can be used to monitor the network and track users by sending an alert to a management station so that network administrators know when and where users entered the network. The Private VLAN feature isolates ports on a switch, helping ensure that traffic travels directly from the entry point to the aggregation device through a virtual path and cannot be directed to another port.

    Secure Shell (SSH) Protocol Version 2, Kerberos, and Simple Network Management Protocol Version 3 (SNMPv3) encrypt administrative and network-management information, protecting the network from tampering or eavesdropping. TACACS+ or RADIUS authentication enables centralized access control of switches and restricts unauthorized users from altering the configurations. Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators.

    Availability and Scalability

    The Cisco Catalyst 3560 Series is equipped with a robust set of features that allow for network scalability and higher availability through IP routing as well as a complete suite of Spanning Tree Protocol enhancements aimed to maximize availability in a Layer 2 network.

    The Cisco Catalyst 3560 switches deliver high-performance, hardware-based IP routing. The Cisco Express Forwarding-based routing architecture allows for increased scalability and performance. This architecture allows for very high-speed lookups while also helping ensure the stability and scalability necessary to meet the needs of future requirements. In addition to dynamic IP unicast routing, the Cisco Catalyst 3560 Series is perfectly equipped for networks requiring multicast support. Protocol Independent Multicast (PIM) and Internet Group Management Protocol (IGMP) snooping in hardware make the Cisco Catalyst 3560 Series switches ideal for intensive multicast environments.

    Implementing routed uplinks to the core improves network availability by enabling faster failover protection and simplifying the Spanning Tree Protocol algorithm by terminating all Spanning Tree Protocol instances at the aggregator switch. If one of the uplinks fails, quicker failover to the redundant uplink can be achieved with a scalable routing protocol such as Open Shortest Path First (OSPF) or Enhanced Interior Gateway Routing Protocol (EIGRP) rather than relying on standard Spanning Tree Protocol convergence. Redirection of a packet after a link failure using a routing protocol results in faster failover than a solution that uses Layer 2 spanning-tree enhancements. Additionally, routed uplinks allow better bandwidth use by implementing equal cost routing (ECR) on the uplinks to perform load balancing. Routed uplinks optimize the utility of uplinks out of the LAN Access by eliminating unnecessary broadcast data flows into the network backbone.

    The Cisco Catalyst 3560 also offers dramatic bandwidth savings as a wiring-closet switch in a multicast environment. Using routed uplinks to the network core eliminates the requirement to transmit multiple streams of the same multicast from the upstream content servers to LAN access switches. For example, if three users are assigned to three separate VLANs and they all want to view multicast ABC, then three streams of multicast ABC must be transmitted from the upstream router to the wiring-closet switch, assuming the wiring-closet switch is not capable of routed uplinks. Deploying IP routing to the core with Cisco Catalyst 3560 switches allows users to create a scalable, multicast-rich network. The Cisco IP Services license offers IPv6 routing, including support for simultaneous IPv4 and IPv6 forwarding. IPv6 protocol support includes OSPFv3 and EIGRPv6. IPv6 management and MLD Snooping are supported on all Cisco Catalyst 3560 software images.

    Enhancements to the standard Spanning Tree Protocol, such as Per-VLAN Spanning Tree Plus (PVST+), Uplink Fast, and PortFast, maximize network uptime. PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design. Uplink Fast, PortFast, and BackboneFast all greatly reduce the standard 30- to 60-second Spanning Tree Protocol convergence time. Loop guard and bridge-protocol-data-unit (BPDU) guard provide Spanning Tree Protocol loop avoidance.

    Advanced QoS

    The Cisco Catalyst 3560 offers superior multilayer, granular QoS features to help ensure that network traffic is classified and prioritized, and that congestion is avoided in the best possible manner. Configuration of QoS is greatly simplified through automatic QoS (Auto QoS), a feature that detects Cisco IP phones and automatically configures the switch for the appropriate classification and egress queuing. This optimizes traffic prioritization and network availability without the challenge of a complex configuration.

    The Cisco Catalyst 3560 can classify, reclassify, police, mark, queue, and schedule incoming packets, and can queue and schedule packets at egress. Packet classification allows the network elements to discriminate between various traffic flows and enforce policies based on Layer 2 and Layer 3 QoS fields.

    To implement QoS, the Cisco Catalyst 3560 Series Switch first identifies traffic flows or packet groups, and classifies or reclassifies these groups using the Differentiated Services Code Point (DSCP) field or the 802.1p Class of Service (CoS) field. Classification and reclassification can be based on criteria as specific as the source or destination IP address, source or destination MAC address, or the Layer 4 TCP or UDP port. At the ingress, the Cisco Catalyst 3560 also polices to determine whether a packet is in or out of profile, marks to change the classification label, passes through or drops out-of-profile packets, and queues packets based on classification. Control- and data-plane ACLs are supported on all ports to help ensure proper treatment on a per-packet basis.

    The Cisco Catalyst 3560 supports four egress queues per port, allowing the network administrator to be more discriminating and specific in assigning priorities for the various applications on the LAN. At egress, the switch performs scheduling and congestion control. Scheduling is an algorithm or process that determines the order in which the queues are processed. The Cisco Catalyst 3560 Series Switch supports shaped round robin (SRR) and strict priority queuing. The SRR algorithm helps ensure differential prioritization.

    These QoS features allow network administrators to prioritize mission-critical and bandwidth-intensive traffic, such as enterprise resource planning (ERP) (Oracle, etc.), voice (IP telephony traffic), and computer-aided design (CAD) or computer-aided manufacturing (CAM) over less-time-sensitive applications such as FTP or e-mail. For example, it would be highly undesirable to have a large file download destined to one port on a wiring-closet switch and have quality implications such as increased latency in voice traffic destined to another port on this switch. This condition is avoided by making sure that voice traffic is properly classified and prioritized throughout the network. Other applications, such as Web browsing, can be treated as low priority and handled on a best-effort basis.

    The Cisco Catalyst 3560 Series can perform rate limiting through its support of the Cisco Committed Information Rate (CIR) function. Through CIR, bandwidth can be guaranteed in increments as low as 8 kbps. Bandwidth can be allocated based on several criteria, including MAC source address, MAC destination address, IP source address, IP destination address, and TCP or UDP port number. Bandwidth allocation is essential when network environments require service-level agreements or when it is necessary for the network manager to control the bandwidth given to certain users.


    The new Cisco Express Setup feature simplifies the initial configuration of a switch. Users now have the option to set up the switch through a Web browser, eliminating the need for more complex terminal-emulation programs and knowledge of the command-line interface (CLI). Cisco Express Setup reduces the cost of deployment by helping less-skilled personnel quickly and simply set up switches.

    Cisco Network Assistant is a PC-based network-management application optimized for LANs of small and medium-sized businesses with up to 250 users. Cisco Network Assistant offers centralized management of Cisco switches, routers, and WLAN access points. It supports a wide range of Cisco Catalyst intelligent switches from Cisco Catalyst 2950 through Cisco Catalyst 4506. Through a user-friendly GUI, users can configure and manage a wide array of switch functions and start the device manager of Cisco routers and Cisco wireless access points. A few mouse clicks enable the Cisco recommended security, availability, and QoS features without the need to consult a detailed design guide. The Security wizard automatically restricts unauthorized access to servers with sensitive data. Smartports and wizards save hours of time for network administrators, eliminate human errors, and help ensure that the configuration of the switch is optimized for these applications. Available at no cost, Cisco Network Assistant can be downloaded from

    In addition to the Cisco Network Assistant, the Cisco Catalyst 3560 Series switches provide for extensive management using SNMP network-management platforms such as CiscoWorks LAN Management Solution (LMS). LMS is a suite of powerful management tools that simplify the configuration, administration, monitoring, and troubleshooting of Cisco networks. It integrates these capabilities into a world-class solution for improving the accuracy and efficiency of your operations staff, while increasing the overall availability of your network. LMS supports over 400 different device types providing:

    • Network discovery, topology views, end-station tracking, and VLAN management

    • Real-time network fault analysis with easy-to-deploy device specific best-practice templates

    • Hardware and software inventory management, centralized configuration tools, and syslog monitoring

    • Network response time and availability monitoring and tracking

    • Real-time device, link, and port traffic management, analysis, and reporting

    Cisco Catalyst 3560 SFP Interconnect Cable

    The Cisco Catalyst 3560 SFP Interconnect Cable (see Figure 2) provides for a low-cost point-to-point Gigabit Ethernet connection between Cisco Catalyst 3560 switches. The 50cm cable is an alternative to using SFP transceivers when interconnecting Cisco Catalyst 3560 switches through their SFP ports over a short distance.



    Ease of Use and Deployment

    • Cisco Express Setup simplifies initial configuration with a Web browser, eliminating the need for more complex terminal emulation programs and CLI knowledge.

    • IEEE 802.3af and Cisco prestandard PoE support comes with automatic discovery to detect a Cisco prestandard or IEEE 802.3af endpoint and provide the necessary power without any user configuration.

    • DHCP autoconfiguration of multiple switches through a boot server eases switch deployment.

    • Automatic QoS (Auto QoS) simplifies QoS configuration in voice-over-IP (VoIP) networks by issuing interface and global switch commands to detect Cisco IP phones, classify traffic, and enable egress queue configuration.

    • Autosensing on each 10/100 port detects the speed of the attached device and automatically configures the port for 10- or 100-Mbps operation, easing switch deployment in mixed 10- and 100-Mbps environments.

    • Autonegotiating on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.

    • Dynamic Trunking Protocol (DTP) helps enable dynamic trunk configuration across all switch ports.

    • Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel® groups or Gigabit EtherChannel groups to link to another switch, router, or server.

    • Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.

    • DHCP Server enables a convenient deployment option for the assignment of IP addresses in networks that do not have a dedicated DHCP server.

    • DHCP Relay allows a DHCP relay agent to broadcast DHCP requests to the network DHCP server.

    • IEEE 802.3z-compliant 1000BASE-SX, 1000BASE-LX/LH, 1000BASE-ZX, 1000BASE-T, and coarse wavelength-division multiplexing (CWDM) physical interface support through a field-replaceable SFP module provides unprecedented flexibility in switch deployment.

    • Support for the Cisco Catalyst 3560 SFP Interconnect Cable facilitates a low-cost, point-to-point gigabit connection between Cisco Catalyst 3560 Series switches.

    • The default configuration stored in Flash memory helps ensure that the switch can be quickly connected to the network and can pass traffic with minimal user intervention.

    • Automatic medium-dependent interface crossover (Auto-MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed on a 10/100 port.

    • Time Domain Reflectometry (TDR) to diagnose and resolve cabling problems on copper Ethernet 10/100/1000 ports.

    Cisco EnergyWise

    • Cisco EnergyWise for greenhouse gas emissions and operational cost optimization by measuring, reporting, and reducing energy consumption across the entire corporate infrastructure, well beyond the scope of IT.

    Availability and Scalability

    Superior Redundancy for Fault Backup

    • Cisco Uplink Fast and BackboneFast technologies help ensure quick failover recovery, enhancing overall network stability and reliability.

    • IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) provides rapid spanning-tree convergence independent of spanning-tree timers and the benefit of distributed processing.

    • Per-VLAN Rapid Spanning Tree Plus (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.

    • Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, fail-safe routing topologies.

    • Command-switch redundancy enabled in Cisco Network Assistant software allows designation of a backup command switch that takes over cluster-management functions if the primary command switch fails.

    • Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links to be detected and disabled to avoid problems such as spanning-tree loops.

    • Switch port autorecovery (errdisable) automatically attempts to reenable a link that is disabled because of a network error.

    • Cisco RPS 2300 support provides superior internal power-source redundancy, resulting in improved fault tolerance and network uptime.

    • Equal cost routing (ECR) provides load balancing and redundancy.

    • Bandwidth aggregation up to 8 Gbps through Cisco Gigabit EtherChannel technology and up to 800 Mbps through Cisco Fast EtherChannel technology enhances fault tolerance and offers higher-speed aggregated bandwidth between switches and to routers and individual servers.

    High-Performance IP Routing

    • Cisco Express Forwarding hardware routing architecture delivers extremely high-performance IP routing.

    • Basic IP unicast routing protocols (static, RIPv1, RIPv2 and RIPng) are supported for small-network routing applications.

    • Advanced IP unicast routing protocols (OSPF, Interior Gateway Routing Protocol [IGRP], EIGRP, Border Gateway Protocol Version 4 [BGPv4] and IS-ISv4) are supported for load balancing and constructing scalable LANs. The IP Services license is required.

    • IPv6 routing capability (OSPFv3, EIGRPv6) is supported. The IP Services license is required.

    • Policy-Based Routing (PBR) allows superior control by enabling flow redirection regardless of the routing protocol configured.

    • Inter-VLAN IP routing provides for full Layer 3 routing between two or more VLANs.

    • Protocol Independent Multicast (PIM) for IP Multicast routing is supported, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode. The IP Services license is required.

    • Fallback bridging forwards non-IP traffic between two or more VLANs.

    Integrated Cisco IOS Software Features for Bandwidth Optimization

    • Per-port broadcast, multicast, and unicast storm control prevents faulty end stations from degrading overall systems performance.

    • IEEE 802.1d Spanning Tree Protocol support for redundant backbone connections and loop-free networks simplifies network configuration and improves fault tolerance.

    • PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design.

    • IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) allows a spanning-tree instance per VLAN, enabling Layer 2 load sharing on redundant links.

    • ECR provides load balancing and redundancy.

    • VPN routing/forwarding (VRF)-Lite enables a service provider to support two or more VPNs, with overlapping IP addresses.

    • Local Proxy Address Resolution Protocol (ARP) works in conjunction with Private VLAN Edge to minimize broadcasts and maximize available bandwidth.

    • VLAN1 minimization allows VLAN1 to be disabled on any individual VLAN trunk link.

    • VLAN Trunking Protocol (VTP) pruning limits bandwidth consumption on VTP trunks by flooding broadcast traffic only on trunk links required to reach the destination devices.

    • Internet Group Management Protocol v3 (IGMP) Snooping for IPv4 and IPv6 MLD v1 and v2 Snooping provide fast client joins and leaves of multicast streams and limit bandwidth-intensive video traffic to only the requestors.

    • IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.

    • Multicast VLAN registration (MVR) continuously sends multicast streams in a multicast VLAN while isolating the streams from subscriber VLANs for bandwidth and security reasons.

    QoS and Control

    Advanced QoS

    • Standard 802.1p CoS and DSCP field classification are provided, using marking and reclassification on a per-packet basis by source and destination IP address, source and destination MAC address, or Layer 4 TCP or UDP port number.

    • Cisco control- and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.

    • Four egress queues per port enable differentiated management of up to four traffic types.

    • SRR scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress and egress queues.

    • Weighted tail drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.

    • Strict priority queuing guarantees that the highest-priority packets are serviced ahead of all other traffic.

    • There is no performance penalty for highly granular QoS functions.

    Granular Rate Limiting

    • The Cisco Committed Information Rate (CIR) function guarantees bandwidth in increments as low as 8 kbps.

    • Rate limiting is provided based on source and destination IP address, source and destination MAC address, Layer 4 TCP and UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.

    • Asynchronous data flows upstream and downstream from the end station or on the uplink are easily managed using ingress policing and egress shaping.

    • Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.


    Networkwide Security Features

    • IEEE 802.1x allows dynamic, port-based security, providing user authentication.

    • IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.

    • IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.

    • IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.

    • IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where the user is connected.

    • IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.

    • Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for authentication.

    • Multi-Domain Authentication allows an IP phone and a PC to authenticate on the same switch port while placing them on the appropriate voice and data VLANs.

    • MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using their MAC address.

    • Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within VLANs.

    • Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces for control- and data-plane traffic.

    • Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch ports.

    • Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.

    • Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch has not already learned how to forward.

    • SSHv2, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnet and SNMP sessions. SSHv2, Kerberos, and the cryptographic version of SNMPv3 require a special cryptographic software image because of U.S. export restrictions.

    • Private VLAN Edge provides security and isolation between switch ports, helping ensure that users cannot snoop on other users' traffic.

    • Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.

    • Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion Detection System (IDS) to take action when an intruder is detected.

    • TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.

    • MAC address notification allows administrators to be notified of users added to or removed from the network.

    • Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.

    • DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC addresses. This can be used to prevent attacks that attempt to poison the DHCP binding database, and to rate limit the amount of DHCP traffic that enters a switch port.

    • IP source guard prevents a malicious user from spoofing or taking over another user's IP address by creating a binding table between the client's IP and MAC address, port, and VLAN.

    • DHCP Interface Tracker (Option 82) augments a host IP address request with the switch port ID.

    • Port security secures the access to an access or trunk port based on MAC address.

    • After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.

    • Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is present and to disable the trust setting if the IP phone is removed, thereby preventing a malicious user from overriding prioritization policies in the network.

    • Multilevel security on console access prevents unauthorized users from altering the switch configuration.

    • The user-selectable address-learning mode simplifies configuration and enhances security.

    • BPDU Guard shuts down Spanning Tree Protocol PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.

    • Spanning-Tree Root Guard (STRG) prevents edge devices not in the network administrator's control from becoming Spanning Tree Protocol root nodes.

    • IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.

    • Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server (VMPS) client functions to provide flexibility in assigning ports to VLANs. Dynamic VLAN helps enable the fast assignment of IP addresses.

    • Cisco Network Assistant software security wizards ease the deployment of security features for restricting user access to a server as well as to a portion of or the entire network.

    • Two thousand access control entries (ACEs) are supported.
