The 3650 switch has advanced wired plus wireless QoS capabilities.
It uses the Cisco modular QoS command line interface (MQC). The
switch manages wireless bandwidth using unprecedented hierarchical
bandwidth management starting at the per-access-point level and
drilling further down to per-radio, per-service set identification
(SSID), and per-user levels. This helps manage and prioritize
available bandwidth between various radios and various SSIDs
(enterprise, guest, and so on) within each radio on a percentage
basis. The switch is also capable of automatically allocating equal
bandwidth among the connected users within a given SSID. This makes
sure that all users within a given SSID get a fair share of the
available bandwidth while being connected to the network. The UADP
ASIC enables the hierarchical bandwidth management and fair sharing
of bandwidth, thereby providing hardware-based QoS for optimized
performance at line-rate traffic.
In addition to these capabilities, the switch is able to do class
of service (CoS) or differentiated services code point (DSCP) based
queuing, policing, shaping, and marking of wired plus wireless
traffic. This enables users to create common policies that can be
used across wired plus wireless traffic. The 3650 also supports
downloadable policy names from the Cisco Identity Services Engine
(ISE) when a user successfully authenticates to the network using
the ISE.
Security
The Cisco Catalyst 3650 provides a rich set of security features
for wired plus wireless users. Features such as IEEE 802.1x,
Dynamic Host Configuration Protocol (DHCP) snooping, IP Source
Guard and control plane protection, wireless intrusion prevention
systems (WIPSs), and so on enable protection against unauthorized
users and attackers. With a variety of wired plus wireless users
connecting to the network, the switch supports session-aware
networking, in which each device connected to the network is
identified as one session, and unique access control lists (ACLs)
and/or QoS policies can be defined and applied using the ISE for
each of these sessions, providing better control on the devices
connecting to the network.