Коммутатор Cisco Catalyst WS-C3560G-48PS-S
- Мощная система управления качеством обслуживания (QoS)
- Ограничение скорости передачи данных
- Списки контроля доступа (ACL).
- Управление мультивещанием
- Высокопроизводительная IP-маршрутизация
Features and Benefits of Cisco Catalyst 3560 Series
Ease of Use and Deployment
• Cisco Express Setup simplifies initial configuration with a Web browser, eliminating the need for more complex terminal emulation programs and CLI knowledge.
• IEEE 802.3af and Cisco prestandard PoE support comes with automatic discovery to detect a Cisco prestandard or IEEE 802.3af endpoint and provide the necessary power without any user configuration.
• DHCP autoconfiguration of multiple switches through a boot server eases switch deployment.
• Automatic QoS (Auto QoS) simplifies QoS configuration in voice-over-IP (VoIP) networks by issuing interface and global switch commands to detect Cisco IP phones, classify traffic, and enable egress queue configuration.
• Autosensing on each 10/100 port detects the speed of the attached device and automatically configures the port for 10- or 100-Mbps operation, easing switch deployment in mixed 10- and 100-Mbps environments.
• Autonegotiating on all ports automatically selects half- or full-duplex transmission mode tooptimize bandwidth.
• Dynamic Trunking Protocol (DTP) helps enable dynamic trunk configuration across all switch ports.
• Port Aggregation Protocol (PAgP) automates the creation of Cisco Fast EtherChannel ® groups or Gigabit EtherChannel groups to link to another switch, router, or server.
• Link Aggregation Control Protocol (LACP) allows the creation of Ethernet channeling with devices that conform to IEEE 802.3ad. This feature is similar to Cisco EtherChannel technology and PAgP.
• DHCP Server enables a convenient deployment option for the assignment of IP addresses innetworks that do not have a dedicated DHCP server.
• DHCP Relay allows a DHCP relay agent to broadcast DHCP requests to the network DHCP server.
• IEEE 802.3z-compliant 1000BASE-SX, 1000BASE-LX/LH, 1000BASE-ZX, 1000BASE-T, and coarse wavelength-division multiplexing (CWDM) physical interface support through a field-replaceable SFP module provides unprecedented flexibility in switch deployment.
• Support for the Cisco Catalyst 3560 SFP Interconnect Cable facilitates a low-cost, point-to-point gigabit connection between Cisco Catalyst 3560 Series switches.
• The default configuration stored in Flash memory helps ensure that the switch can be quickly connected to the network and can pass traffic with minimal user intervention.
• Automatic medium-dependent interface crossover (Auto-MDIX) automatically adjusts transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed on a 10/100 port.
• Time Domain Reflectometry (TDR) to diagnose and resolve cabling problems on copper Ethernet 10/100/1000 ports.
• Cisco EnergyWise for greenhouse gas emissions and operational cost optimization by measuring, reporting, and reducing energy consumption across the entire corporate infrastructure, well beyond the scope of IT.
Availability and Scalability
Superior Redundancy for FaultBackup
● Cisco Uplink Fast and BackboneFast technologies help ensure quick failover recovery, enhancing overallnetwork stability and reliability.
● IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) provides rapid spanning-tree convergence independent of spanning-tree timers and the benefit of distributed processing.
● Per-VLAN Rapid Spanning Tree Plus (PVRST+) allows rapid spanning-tree reconvergence on a per-VLAN spanning-tree basis, without requiring the implementation of spanning-tree instances.
● Cisco Hot Standby Router Protocol (HSRP) is supported to create redundant, fail-safe routing topologies.
• Command-switch redundancy enabled in Cisco Network Assistant software allows designation of a backup command switch that takes over cluster-management functions if the primary command switch fails.
• Unidirectional Link Detection Protocol (UDLD) and Aggressive UDLD allow unidirectional links to be detected and disabled to avoid problems such as spanning-tree loops.
• Switch port autorecovery (errdisable) automatically attempts to reenable a link that is disabled because of anetwork error.
• Cisco RPS 2300 support provides superior internal power-source redundancy, resulting in improved fault tolerance and network uptime.
• Equal cost routing (ECR) provides load balancing and redundancy.
• Bandwidth aggregation up to 8 Gbps through Cisco Gigabit EtherChannel technology and up to 800 Mbps through Cisco Fast EtherChannel technology enhances fault tolerance and offers higher-speed aggregated bandwidth between switches and to routers and individual servers.
High-Performance IP Routing
● Cisco Express Forwarding hardware routing architecture delivers extremely high-performance IP routing.
● Basic IP unicast routing protocols (static, RIPv1, RIPv2 and RIPng) are supported for small-network routing applications.
• Advanced IP unicast routing protocols (OSPF, Interior Gateway Routing Protocol [IGRP], EIGRP, Border Gateway Protocol Version 4 [BGPv4] and IS-ISv4) are supported for load balancing and constructing scalable LANs. The IP Services license is required.
● IPv6 routing capability (OSPFv3, EIGRPv6) is support. IP Services license is required.
• Policy-Based Routing (PBR) allows superior control by enabling flow redirection regardless of the routing protocol configured.
● Inter-VLAN IP routing provides for full Layer 3 routing between two or more VLANs.
● Protocol Independent Multicast (PIM) for IP Multicast routing is supported, including PIM sparse mode (PIM-SM), PIM dense mode (PIM-DM), and PIM sparse-dense mode. The IP Services license is required.
• Fallback bridging forwards non-IP traffic between two or more VLANs.
Integrated Cisco IOS Software Features for Bandwidth Optimization
● Per-port broadcast, multicast, and unicast storm control prevents faulty end stations from degrading overall systems performance.
● IEEE 802.1d Spanning Tree Protocol support for redundant backbone connections and loop-free networks simplifies network configuration and improves fault tolerance.
● PVST+ allows for Layer 2 load sharing on redundant links to efficiently use the extra capacity inherent in a redundant design.
● IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) allows a spanning-tree instance per VLAN, enabling Layer 2 load sharing on redundant links.
● ECR provides load balancing and redundancy.
● VPN routing/forwarding (VRF)-Lite enables a service provider to support two or more VPNs, with overlapping IP addresses.
● Local Proxy Address Resolution Protocol (ARP) works in conjunction with Private VLAN Edge to minimize broadcasts and maximize available bandwidth.
● VLAN1 minimization allows VLAN1 to be disabled on any individual VLAN trunk link.
● VLAN Trunking Protocol (VTP) pruning limits bandwidth consumption on VTP trunks by flooding broadcast traffic only on trunk links required to reach the destination devices.
● Internet Group Management Protocol v3 (IGMP) Snooping for IPv4 and IPv6 MLD v1 and v2 Snooping provide fast client joins and leaves of multicast streams and limits bandwidth-intensive video traffic to only the requestors.
● IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
● Multicast VLAN registration (MVR) continuously sends multicast streams in a multicast VLAN while isolating the streams from subscriber VLANs for bandwidth and security reasons.
QoS and Control
• Standard 802.1p CoS and DSCP field classification are provided, using marking and reclassification on aper-packet basis by source and destination IP address, source and destination MAC address, or Layer 4 TCP or UDP port number.
• Cisco control- and data-plane QoS ACLs on all ports help ensure proper marking on a per-packet basis.
• Four egress queues per port enable differentiated management of up to four traffic types.
• SRR scheduling helps ensure differential prioritization of packet flows by intelligently servicing the ingress and egress queues.
• Weighted tail drop (WTD) provides congestion avoidance at the ingress and egress queues before a disruption occurs.
• Strict priority queuing guarantees that the highest-priority packets are serviced ahead of all other traffic.
• There is no performance penalty for highly granular QoS functions.
Granular Rate Limiting
● The Cisco Committed Information Rate (CIR) function guarantees bandwidth in increments as low as 8kbps.
● Rate limiting is provided based on source and destination IP address, source and destination MAC address, Layer 4 TCP and UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps, and policy maps.
● Asynchronous data flows upstream and downstream from the end station or on the uplink are easily managed using ingress policing and egress shaping.
● Up to 64 aggregate or individual policers are available per Fast Ethernet or Gigabit Ethernet port.
Networkwide Security Features
● IEEE 802.1x allows dynamic, port-based security, providing user authentication.
● IEEE 802.1x with VLAN assignment allows a dynamic VLAN assignment for a specific user regardless of where the user is connected.
● IEEE 802.1x with voice VLAN permits an IP phone to access the voice VLAN irrespective of the authorized or unauthorized state of the port.
● IEEE 802.1x and port security are provided to authenticate the port and manage network access for all MAC addresses, including those of the client.
● IEEE 802.1x with an ACL assignment allows for specific identity-based security policies regardless of where the user is connected.
● IEEE 802.1x with Guest VLAN allows guests without 802.1x clients to have limited network access on the guest VLAN.
● Web authentication for non-802.1x clients allows non-802.1x clients to use an SSL-based browser for authentication.
● Multi-Domain Authentication allows an IP phone and a PC to authenticate on thesame switch port while placing them on appropriate Voice and Data VLAN.
● MAC Auth Bypass (MAB) for voice allows third-party IP phones without an 802.1x supplicant to get authenticated using their MAC address.
● Cisco security VLAN ACLs (VACLs) on all VLANs prevent unauthorized data flows from being bridged within VLANs.
● Cisco standard and extended IP security router ACLs (RACLs) define security policies on routed interfaces for control- and data-plane traffic.
● Port-based ACLs (PACLs) for Layer 2 interfaces allow application of security policies on individual switch ports.
● Unicast MAC filtering prevents the forwarding of any type of packet with a matching MAC address.
● Unknown unicast and multicast port blocking allows tight control by filtering packets that the switch hasnot already learned how to forward.
● SSHv2, Kerberos, and SNMPv3 provide network security by encrypting administrator traffic during Telnetand SNMP sessions. SSHv2, Kerberos, and the cryptographic version of SNMPv3 require a specialcryptographic software image because of U.S. export restrictions.
● Private VLAN Edge provides security and isolation between switch ports, helping ensure that users cannot snoopon other users' traffic.
● Private VLANs restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a nonbroadcast multi-access-like segment.
● Bidirectional data support on the Switched Port Analyzer (SPAN) port allows the Cisco Secure Intrusion Detection System (IDS) to take action when an intruder is detected.
● TACACS+ and RADIUS authentication enable centralized control of the switch and restrict unauthorized users from altering the configuration.
● MAC address notification allows administrators to be notified of users added to or removed from the network.
● Dynamic ARP Inspection (DAI) helps ensure user integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol.
● DHCP snooping allows administrators to help ensure consistent mapping of IP to MAC addresses. This can be used to prevent attacks that attempt to poison the DHCP binding database, and to rate limit the amount of DHCP traffic that enters a switch port.
● IP source guard prevents a malicious user from spoofing or taking over another user's IP address by creating a binding table between the client's IP and MAC address, port, and VLAN.
● DHCP Interface Tracker (Option 82) augments a host IP address request with the switch port ID.
• Port security secures the access to an access or trunk port based on MAC address.
● After a specific timeframe, the aging feature removes the MAC address from the switch to allow another device to connect to the same port.
● Trusted Boundary provides the ability to trust the QoS priority settings if an IP phone is present and to disable the trust setting if the IP phone is removed, thereby preventing a malicious user from overriding prioritization policies in the network.
● Multilevel security on console access prevents unauthorized users from altering the switch configuration.
● The user-selectable address-learning mode simplifies configuration and enhances security.
● BPDU Guard shuts down Spanning Tree Protocol PortFast-enabled interfaces when BPDUs are received to avoid accidental topology loops.
● Spanning-Tree Root Guard (STRG) prevents edge devices not in the network administrator's control from becoming Spanning Tree Protocol root nodes.
● IGMP filtering provides multicast authentication by filtering out nonsubscribers and limits the number of concurrent multicast streams available per port.
● Dynamic VLAN assignment is supported through implementation of VLAN Membership Policy Server (VMPS) client functions to provide flexibility in assigning ports to VLANs. Dynamic VLAN helps enable the fast assignment of IP addresses.
● Cisco Network Assistant software security wizards ease the deployment of security features for restricting user access to a server as well as to a portion of or the entire network.
● Two thousand access control entries (ACEs) are supported.
● Cisco IOS CLI support provides a common user interface and command set with all Cisco routers and Cisco Catalyst desktop switches.
● Cisco Discovery Protocol version 2 (CDPv2) allows the Cisco Catalyst 3560 Series Switch to negotiate a more granular power setting when connecting to a Cisco powered device, such as IP phones or access points, than what is provided by IEEE classification.
● The PoE MIB provides proactive visibility into power usage and allows customers to set different power level thresholds.
● Switching Database Manager templates for access, routing, and VLAN deployment scenarios allow the administrator to easily maximize memory allocation to the desired features based on deployment-specific requirements.
● Generic On-Line Diagnostic (GOLD) checks the health of hardware components and verifies proper operation of the system data and control plane at run time and boot time.
● VLAN trunks can be created from any port, using either standards-based 802.1Q tagging or the Cisco Inter-Switch Link (ISL) VLAN architecture.
● Up to 1024 VLANs and up to 128 spanning-tree instances per switch are supported.
● Four thousand VLAN IDs are supported.
● Voice VLAN simplifies telephony installations by keeping voice traffic on a separate VLAN for easier administration and troubleshooting.
● Cisco VTP supports dynamic VLANs and dynamic trunk configuration across all switches.
• IGMPv3 snooping provides fast client joins and leaves of multicast streams and limits bandwidth-intensive video traffic to only the requestors.
● Remote SPAN (RSPAN) allows administrators to remotely monitor ports in a Layer 2 switch network from any other switch in the same network.
● For enhanced traffic management, monitoring, and analysis, the Embedded Remote Monitoring (RMON) software agent supports four RMON groups (history, statistics, alarms, and events).
● Layer 2 traceroute eases troubleshooting by identifying the physical path that a packet takes from source todestination.
● All nine RMON groups are supported through a SPAN port, which permits traffic monitoring of a single port, a group of ports from a single network analyzer or RMON probe.
● Domain Name System (DNS) provides IP address resolution with user-defined device names.
• Trivial File Transfer Protocol (TFTP) reduces the cost of administering software upgrades by downloading from a centralized location.
• Network Timing Protocol (NTP) provides an accurate and consistent timestamp to all intranet switches.
• Multifunction LEDs per port for port status; half-duplex and full-duplex mode; and 10BASE-T, 100BASE-TX, and 1000BASE-T indication as well as switch-level status LEDs for system, redundant power supply, and bandwidth use provide a comprehensive and convenient visual management system.
Cisco Network AssistantSoftware
● Cisco Network Assistant is a free, Windows-based application that simplifies the administration of networks of up to 250 users. It supports a wide range of Cisco Catalyst intelligent switches from Cisco Catalyst 2950 through Cisco Catalyst 4506. With Cisco Network Assistant, users can manage Cisco Catalyst switches plus launch the device managers of Cisco integrated services routers (ISRs) and Cisco Aironet WLAN access points.
● The easy-to-use graphical interface provides both a topology map and front-panel view of the switch.
● Cisco AVVID (Architecture for Voice, Video and Integrated Data) wizards need just a few user inputs to automatically configure the switch to optimally handle different types of traffic: voice, video, multicast, andhigh-priority data.
● A security wizard is provided to restrict unauthorized access to applications, servers, and networks.
● Upgrading the Cisco IOS Software on Cisco Catalyst switches is a simple matter of pointing and clicking, with one-click upgrades.
● Cisco Network Assistant supports multilayer feature configurations such as routing protocols, ACLs, and QoS parameters.
● Multidevice and multiport configuration capabilities allow administrators to save time by configuring features across multiple switches and ports simultaneously.
● The user-personalized interface allows modification of polling intervals, table views, and other settings.
● Alarm notification provides automated e-mail notification of network errors and alarm thresholds.
Cisco Express Setup
● Cisco Express Setup simplifies initial configuration of a switch through a Web browser, eliminating the need for more complex terminal emulation programs and CLI knowledge.
● The Web interface helps less-skilled personnel quickly and simply set up switches, thereby reducing the cost of deployment.
● CiscoWorks network-management software provides management capabilities on a per-port and per-switch basis, providing a common management interface for Cisco routers, switches, and hubs.
● SNMP v1, v2c, and v3 and Telnet interface support delivers comprehensive in-band management, and a CLI-based management console provides detailed out-of-band management.
● Cisco Discovery Protocol Versions 1 and 2 help enable a CiscoWorks network-management station for automatic switch discovery.
● The CiscoWorks LAN Management Solution supports the Cisco Catalyst 3560 Series.