Performance
Switching capacity 128.0 Gbps
Forwarding rate 95.23 Mbps
Power over Ethernet (PoE)
Power dedicated to PoE 195W
Number of ports that support PoE 24
Layer 2 switching
Spanning Tree Protocol (STP) Standard 802.1d spanning tree support
Fast convergence using 802.1w (Rapid Spanning Tree Protocol [RSTP]), enabled by default Multiple spanning tree instances using 802.1s (MSTP); 8 instances are supported
Per-VLAN Spanning Tree Plus (PVST+); 126 instances are supported
Rapid PVST+ (RPVST+); 126 instances are supported
Port grouping/link aggregation Support for IEEE 802.3ad Link Aggregation Control Protocol (LACP)
Up to 4 groups
Up to 8 ports per group with 16 candidate ports for each (dynamic) 802.3ad Link Aggregation Group (LAG)
VLAN Support for up to 255 active VLANs simultaneously Port-based and 802.1Q tag-based VLANs Management VLAN
Guest VLAN
Auto Surveillance VLAN (ASV)
Voice VLAN Voice traffic is automatically assigned to a voice-specific VLAN and treated with appropriate levels of QoS. Voice Services Discovery Protocol (VSDP) delivers networkwide zero-touch deployment of voice endpoints and call control devices
Generic VLAN Registration Protocol (GVRP) and Generic Attribute Registration Protocol (GARP) Enable automatically propagation and configuration of VLANs in a bridged domain
Internet Group Management Protocol (IGMP) versions 1, 2, and 3 snooping Limits bandwidth-intensive multicast traffic to only the requesters; supports 255 multicast groups (source-specific multicasting is also supported)
IGMP querier Used to support a Layer 2 multicast domain of snooping switches in the absence of a multicast router
Head-of-Line (HOL) blocking HOL blocking prevention
Loopback detection Provides protection against loops by transmitting loop protocol packets out of ports on which loop protection has been enabled. It operates independently of STP
Layer 3 routing
IPv4 routing Wire-speed routing of IPv4 packets
Up to 32 static routes and up to 16 IP interfaces
IPv6 routing Wire-speed routing of IPv6 packets
Layer 3 interface Configuration of Layer 3 interface on physical port, LAG, VLAN interface, or loopback interface
Classless Interdomain Routing (CIDR) Support for CIDR
Dynamic Host Configuration Protocol (DHCP) relay at Layer 3 Relay of DHCP traffic across IP domains
User Datagram Protocol (UDP) relay Relay of broadcast information across Layer 3 domains for application discovery or relaying of Bootstrap Protocol (BootP)/DHCP packets
Security
Secure Sockets Layer (SSL) Encrypts all HTTPS traffic, allowing secure access to the browser-based management GUI in the switch
SSH Protocol SSH is a secure replacement for Telnet traffic. Secure Copy (SCP) also uses SSH. SSH v1 and v2 are supported.
IEEE 802.1X (authenticator role) RADIUS authentication, guest VLAN, single/multiple host mode, and single/multiple sessions
STP loopback guard Provides additional protection against Layer 2 forwarding loops (STP loops)
Secure Core Technology (SCT) Ensures that the switch will receive and process management and protocol traffic no matter how much traffic is received
Secure Sensitive Data (SSD) A mechanism to manage sensitive data (such as passwords, keys, and so on) securely on the switch, populating this data to other devices and a secure auto-configuration. Access to view the sensitive data as plain text or encrypted is provided according to the user- configured access level and the access method of the user
Trustworthy systems Trustworthy systems provide a highly secure foundation for Cisco products
Run-time defenses (Executable Space Protection [X-Space], Address Space Layout Randomization [ASLR], Built-In Object Size Checking [BOSC])
Port security Ability to lock source MAC addresses to ports and limit the number of learned MAC addresses
RADIUS Supports RADIUS authentication for management access. Switch functions as a client
Storm control Broadcast, multicast, and unknown unicast
DoS prevention DoS attack prevention
Multiple user privilege levels in CLI Level 1, 7, and 15 privilege levels
ACLs Support for up to 512 rules
Drop or rate limit based on source and destination MAC, VLAN ID, IPv4 or IPv6 address, IPv6 flow label, protocol, port, Differentiated Services Code Point (DSCP)/IP precedence, TCP/UDP source and destination ports, 802.1p priority, Ethernet type, Internet Control Message Protocol (ICMP) packets, IGMP packets, TCP flag; ACL can be applied on both ingress and egress sides
Time-based ACLs supported
Quality of service
Priority levels 8 hardware queues
Scheduling Strict priority and Weighted Round-Robin (WRR) queue assignment based on DSCP and Class of Service (802.1p/CoS)
Class of service Port based, 802.1p VLAN priority based, IPv4/v6 IP precedence/Type of Service (ToS)/DSCP based, Differentiated Services (DiffServ), classification and re-marking ACLs, trusted QoS
Rate limiting Ingress policer, egress shaping and rate control per VLAN, per port, and flow based
Congestion avoidance A TCP congestion avoidance algorithm is required to reduce and prevent global TCP loss synchronization
IPv6
IPv6 IPv6 host mode IPv6 over Ethernet Dual IPv6/IPv4 stack
IPv6 Neighbor Discovery (ND)
IPv6 stateless address auto-configuration
Path Maximum Transmission Unit (MTU) discovery Duplicate Address Detection (DAD)
ICMP version 6
IPv6 over IPv4 network with Intrasite Automatic Tunnel Addressing Protocol (ISATAP) support
USGv6 and IPv6 Gold Logo certified
IPv6 QoS Prioritizes IPv6 packets in hardware
IPv6 ACL Drop or rate-limit IPv6 packets in hardware
Multicast Listener Discovery (MLD v1/2) snooping Delivers IPv6 multicast packets only to the required receivers
IPv6 applications Web/SSL, Telnet server/SSH, Ping, Traceroute, Simple Network Time Protocol (SNTP), Trivial File Transfer Protocol (TFTP), Simple Network Management Protocol (SNMP), RADIUS, Syslog, DNS client, DHCP client, DHCP auto-configuration
Management
Cisco Business Dashboard Support for embedded probe for Cisco Business Dashboard running on the switch. Eliminates the need to set up a separate hardware or virtual machine for the Cisco Business Dashboard probe onsite
Cisco Business mobile app Mobile app for Cisco Business switch and wireless products. Helps to set up a local network in minutes and provide easy management at your fingertips.
Cisco Network Plug and Play (PnP) agent The Cisco Network PnP solution provides a simple, secure, unified, and integrated offering to ease new branch or campus device rollouts or for provisioning updates to an existing network. The solution provides a unified approach to provision Cisco routers, switches, and wireless devices with a near-zero-touch deployment experience.
Supports Cisco PnP Connect
Web user interface Built-in switch configuration utility for easy browser-based device configuration (HTTP/HTTPS). Supports configuration, wizards, system dashboard, system maintenance, and monitoring
Basic and advanced mode for maximum operational efficiency
SNMP SNMP versions 1, 2c, and 3 with support for traps, and SNMP v3 User-Based Security Model (USM)
