Performance |
Switching capacity | 128.0 Gbps |
Forwarding rate | 95.23 Mbps |
Power over Ethernet (PoE) |
Power dedicated to PoE | 385W |
Number of ports that support PoE | 24 |
Layer 2 switching |
Spanning Tree Protocol (STP) | Standard 802.1d spanning tree support |
Fast convergence using 802.1w (Rapid Spanning Tree Protocol [RSTP]), enabled by default Multiple spanning tree instances using 802.1s (MSTP); 8 instances are supported |
Per-VLAN Spanning Tree Plus (PVST+); 126 instances are supported |
Rapid PVST+ (RPVST+); 126 instances are supported |
Port grouping/link aggregation | Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP) |
Up to 4 groups |
Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad Link Aggregation Group (LAG) |
VLAN | Support for up to 255 active VLANs simultaneously Port-based and 802.1Q tag-based VLANs Management VLAN |
Guest VLAN |
Auto Surveillance VLAN (ASV) |
Voice VLAN | Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS. Voice Services Discovery Protocol (VSDP) delivers networkwide zero-touch deployment of voice endpoints and call control devices |
Generic VLAN Registration Protocol (GVRP) and Generic Attribute Registration Protocol (GARP) | Enable automatically propagation and configuration of VLANs in a bridged domain |
Internet Group Management Protocol (IGMP) versions 1, 2, and 3 snooping | Limits bandwidth-intensive multicast traffic to only the requesters; supports 255 multicast groups (source-specific multicasting is also supported) |
IGMP querier | Used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router |
Head-of-Line (HOL) blocking | HOL blocking prevention |
Loopback detection | Provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. It operates independently of STP |
Layer 3 routing |
IPv4 routing | Wire-speed routing of IPv4 packets |
Up to 32 static routes and up to 16 IP interfaces |
IPv6 routing | Wire-speed routing of IPv6 packets |
Layer 3 interface | Configuration of Layer 3 interface on physical port, LAG, VLAN interface, or loopback interface |
Classless Interdomain Routing (CIDR) | Support for CIDR |
Dynamic Host Configuration Protocol (DHCP) relay at Layer 3 | Relay of DHCP traffic across IP domains |
User Datagram Protocol (UDP) relay | Relay of broadcast information across Layer 3 domains for application discovery or relaying of Bootstrap Protocol (BootP)/DHCP packets |
Security |
Secure Sockets Layer (SSL) | Encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI in the switch |
SSH Protocol | SSH is a secure replacement for Telnet traffic. Secure Copy (SCP) also uses SSH. SSH v1 and v2 are supported. |
IEEE 802.1X (authenticator role) | RADIUS authentication, guest VLAN, single/multiple host mode, and single/multiple sessions |
STP loopback guard | Provides additional protection against Layer 2 forwarding loops (STP loops) |
Secure Core Technology (SCT) | Ensures that the switch will receive and process management and protocol traffic no matter how much traffic is received |
Secure Sensitive Data (SSD) | A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices and a secure auto-configuration. Access to view the sensitive data as plain text or encrypted is provided according to the user- configured access level and the access method of the user |
Trustworthy systems | Trustworthy systems provide a highly secure foundation for Cisco products |
Run-time defenses (Executable Space Protection [X-Space], Address Space Layout Randomization [ASLR], Built-In Object Size Checking [BOSC]) |
Port security | Ability to lock source MAC addresses to ports and limit the number of learned MAC addresses |
RADIUS | Supports RADIUS authentication for management access. Switch functions as a client |
Storm control | Broadcast, multicast, and unknown unicast |
DoS prevention | DoS attack prevention |
Multiple user privilege levels in CLI | Level 1, 7, and 15 privilege levels |
ACLs | Support for up to 512 rules |
Drop or rate limit based on source and destination MAC, VLAN ID, IPv4 or IPv6 address, IPv6 flow label, protocol, port, Differentiated Services Code Point (DSCP)/IP precedence, TCP/UDP source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, TCP flag; ACL can be applied on both ingress and egress sides |
Time-based ACLs supported |
Quality of service |
Priority levels | 8 hardware queues |
Scheduling | Strict priority and Weighted Round-Robin (WRR) queue assignment based on DSCP and Class of Service (802.1p/CoS) |
Class of service | Port based, 802.1p VLAN priority based, IPv4/v6 IP precedence/Type of Service (ToS)/DSCP based, Differentiated Services (DiffServ), classification and re-marking ACLs, trusted QoS |
Rate limiting | Ingress policer, egress shaping and rate control per VLAN, per port, and flow based |
Congestion avoidance | A TCP congestion avoidance algorithm is required to reduce and prevent global TCP loss synchronization |
IPv6 |
IPv6 | IPv6 host mode IPv6 over Ethernet Dual IPv6/IPv4 stack |
IPv6 Neighbor Discovery (ND) |
IPv6 stateless address auto-configuration |
Path Maximum Transmission Unit (MTU) discovery Duplicate Address Detection (DAD) |
ICMP version 6 |
IPv6 over IPv4 network with Intrasite Automatic Tunnel Addressing Protocol (ISATAP) support |
USGv6 and IPv6 Gold Logo certified |
IPv6 QoS | Prioritizes IPv6 packets in hardware |
IPv6 ACL | Drop or rate-limit IPv6 packets in hardware |
Multicast Listener Discovery (MLD v1/2) snooping | Delivers IPv6 multicast packets only to the required receivers |
IPv6 applications | Web/SSL, Telnet server/SSH, Ping, Traceroute, Simple Network Time Protocol (SNTP), Trivial File Transfer Protocol (TFTP), Simple Network Management Protocol (SNMP), RADIUS, Syslog, DNS client, DHCP client, DHCP auto-configuration |
Management |
Cisco Business Dashboard | Support for embedded probe for Cisco Business Dashboard running on the switch. Eliminates the need to set up a separate hardware or Virtual Machine for the Cisco Business Dashboard probe onsite |
Cisco Business mobile app | Mobile app for Cisco Business switch and wireless products. Helps to set up a local network in minutes and provide easy management at your fingertips. |
Cisco Network Plug and Play (PnP) agent | The Cisco Network PnP solution provides a simple, secure, unified, and integrated offering to ease new branch or campus device rollouts or for provisioning updates to an existing network. The solution provides a unified approach to provision Cisco routers, switches, and wireless devices with a near-zero-touch deployment experience. |
Supports Cisco PnP Connect |
Web user interface | Built-in switch configuration utility for easy browser-based device configuration (HTTP/HTTPS). Supports configuration, wizards, system dashboard, system maintenance, and monitoring |
Basic and advanced mode for maximum operational efficiency |
SNMP | SNMP versions 1, 2c, and 3 with support for traps, and SNMP v3 User-Based Security Model (USM) |