|
Performance
|
|
Switching capacity
|
128.0 Gbps
|
|
Forwarding rate
|
95.23 Mbps
|
|
Power over Ethernet (PoE)
|
|
Power dedicated to PoE
|
385W
|
|
Number of ports that support PoE
|
24
|
|
Layer 2 switching
|
|
Spanning Tree Protocol (STP)
|
Standard 802.1d spanning tree support
|
|
Fast convergence using 802.1w (Rapid Spanning Tree Protocol [RSTP]), enabled by default Multiple spanning tree instances using 802.1s (MSTP); 8 instances are supported
|
|
Per-VLAN Spanning Tree Plus (PVST+); 126 instances are supported
|
|
Rapid PVST+ (RPVST+); 126 instances are supported
|
|
Port grouping/link aggregation
|
Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP)
|
|
Up to 4 groups
|
|
Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad Link Aggregation Group (LAG)
|
|
VLAN
|
Support for up to 255 active VLANs simultaneously Port-based and 802.1Q tag-based VLANs Management VLAN
|
|
Guest VLAN
|
|
Auto Surveillance VLAN (ASV)
|
|
Voice VLAN
|
Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS. Voice Services Discovery Protocol (VSDP) delivers networkwide zero-touch deployment of voice endpoints and call control devices
|
|
Generic VLAN Registration Protocol (GVRP) and Generic Attribute Registration Protocol (GARP)
|
Enable automatically propagation and configuration of VLANs in a bridged domain
|
|
Internet Group Management Protocol (IGMP) versions 1, 2, and 3 snooping
|
Limits bandwidth-intensive multicast traffic to only the requesters; supports 255 multicast groups (source-specific multicasting is also supported)
|
|
IGMP querier
|
Used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router
|
|
Head-of-Line (HOL) blocking
|
HOL blocking prevention
|
|
Loopback detection
|
Provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. It operates independently of STP
|
|
Layer 3 routing
|
|
IPv4 routing
|
Wire-speed routing of IPv4 packets
|
|
Up to 32 static routes and up to 16 IP interfaces
|
|
IPv6 routing
|
Wire-speed routing of IPv6 packets
|
|
Layer 3 interface
|
Configuration of Layer 3 interface on physical port, LAG, VLAN interface, or loopback interface
|
|
Classless Interdomain Routing (CIDR)
|
Support for CIDR
|
|
Dynamic Host Configuration Protocol (DHCP) relay at Layer 3
|
Relay of DHCP traffic across IP domains
|
|
User Datagram Protocol (UDP) relay
|
Relay of broadcast information across Layer 3 domains for application discovery or relaying of Bootstrap Protocol (BootP)/DHCP packets
|
|
Security
|
|
Secure Sockets Layer (SSL)
|
Encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI in the switch
|
|
SSH Protocol
|
SSH is a secure replacement for Telnet traffic. Secure Copy (SCP) also uses SSH. SSH v1 and v2 are supported.
|
|
IEEE 802.1X (authenticator role)
|
RADIUS authentication, guest VLAN, single/multiple host mode, and single/multiple sessions
|
|
STP loopback guard
|
Provides additional protection against Layer 2 forwarding loops (STP loops)
|
|
Secure Core Technology (SCT)
|
Ensures that the switch will receive and process management and protocol traffic no matter how much traffic is received
|
|
Secure Sensitive Data (SSD)
|
A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices and a secure auto-configuration. Access to view the sensitive data as plain text or encrypted is provided according to the user- configured access level and the access method of the user
|
|
Trustworthy systems
|
Trustworthy systems provide a highly secure foundation for Cisco products
|
|
Run-time defenses (Executable Space Protection [X-Space], Address Space Layout Randomization [ASLR], Built-In Object Size Checking [BOSC])
|
|
Port security
|
Ability to lock source MAC addresses to ports and limit the number of learned MAC addresses
|
|
RADIUS
|
Supports RADIUS authentication for management access. Switch functions as a client
|
|
Storm control
|
Broadcast, multicast, and unknown unicast
|
|
DoS prevention
|
DoS attack prevention
|
|
Multiple user privilege levels in CLI
|
Level 1, 7, and 15 privilege levels
|
|
ACLs
|
Support for up to 512 rules
|
|
Drop or rate limit based on source and destination MAC, VLAN ID, IPv4 or IPv6 address, IPv6 flow label, protocol, port, Differentiated Services Code Point (DSCP)/IP precedence, TCP/UDP source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, TCP flag; ACL can be applied on both ingress and egress sides
|
|
Time-based ACLs supported
|
|
Quality of service
|
|
Priority levels
|
8 hardware queues
|
|
Scheduling
|
Strict priority and Weighted Round-Robin (WRR) queue assignment based on DSCP and Class of Service (802.1p/CoS)
|
|
Class of service
|
Port based, 802.1p VLAN priority based, IPv4/v6 IP precedence/Type of Service (ToS)/DSCP based, Differentiated Services (DiffServ), classification and re-marking ACLs, trusted QoS
|
|
Rate limiting
|
Ingress policer, egress shaping and rate control per VLAN, per port, and flow based
|
|
Congestion avoidance
|
A TCP congestion avoidance algorithm is required to reduce and prevent global TCP loss synchronization
|
|
IPv6
|
|
IPv6
|
IPv6 host mode IPv6 over Ethernet Dual IPv6/IPv4 stack
|
|
IPv6 Neighbor Discovery (ND)
|
|
IPv6 stateless address auto-configuration
|
|
Path Maximum Transmission Unit (MTU) discovery Duplicate Address Detection (DAD)
|
|
ICMP version 6
|
|
IPv6 over IPv4 network with Intrasite Automatic Tunnel Addressing Protocol (ISATAP) support
|
|
USGv6 and IPv6 Gold Logo certified
|
|
IPv6 QoS
|
Prioritizes IPv6 packets in hardware
|
|
IPv6 ACL
|
Drop or rate-limit IPv6 packets in hardware
|
|
Multicast Listener Discovery (MLD v1/2) snooping
|
Delivers IPv6 multicast packets only to the required receivers
|
|
IPv6 applications
|
Web/SSL, Telnet server/SSH, Ping, Traceroute, Simple Network Time Protocol (SNTP), Trivial File Transfer Protocol (TFTP), Simple Network Management Protocol (SNMP), RADIUS, Syslog, DNS client, DHCP client, DHCP auto-configuration
|
|
Management
|
|
Cisco Business Dashboard
|
Support for embedded probe for Cisco Business Dashboard running on the switch. Eliminates the need to set up a separate hardware or virtual machine for the Cisco Business Dashboard probe onsite
|
|
Cisco Business mobile app
|
Mobile app for Cisco Business switch and wireless products. Helps to set up a local network in minutes and provide easy management at your fingertips.
|
|
Cisco Network Plug and Play (PnP) agent
|
The Cisco Network PnP solution provides a simple, secure, unified, and integrated offering to ease new branch or campus device rollouts or for provisioning updates to an existing network. The solution provides a unified approach to provision Cisco routers, switches, and wireless devices with a near-zero-touch deployment experience.
|
|
Supports Cisco PnP Connect
|
|
Web user interface
|
Built-in switch configuration utility for easy browser-based device configuration (HTTP/HTTPS). Supports configuration, wizards, system dashboard, system maintenance, and monitoring
|
|
Basic and advanced mode for maximum operational efficiency
|
|
SNMP
|
SNMP versions 1, 2c, and 3 with support for traps, and SNMP v3 User-Based Security Model (USM)
|
