Operating instructions

Chapter 3. Cisco Systems Intelligent Gigabit Ethernet Switch Module 15
3.3.5 VLAN support
The switch supports up to 250 active port-based VLANs for assigning users to VLANs associated with the
applicable network resources, traffic patterns, and bandwidth. VLAN support highlights:
- VLAN IDs can be taken from the full IEEE 802.1Q range (up to 4094), so that service provider
networks can use the VLAN numbering the standard allows even though only 250 VLANs can be active at a time.
- IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes;
management and control of broadcast and multicast traffic; and network security by
establishing VLAN groups for high-security users and network resources.
- VLAN Management Policy Server (VMPS) for dynamic VLAN membership based on the source MAC address.
- VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded
traffic to the trunk links that lead to stations in the receiving VLAN.
- Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices
and for negotiating the trunking encapsulation to be used (802.1Q is the only encapsulation this module supports).
- Voice VLAN for creating separate subnets for voice traffic from Cisco IP phones.
- VLAN 1 minimization to reduce the risk of Spanning Tree loops or storms by allowing
VLAN 1 to be removed from any individual VLAN trunk link.
3.3.6 Security
Security features built into the Cisco Systems Intelligent Gigabit Ethernet Switch Module
include:
- Bridge protocol data unit (BPDU) guard for error-disabling a PortFast-configured port
when a BPDU is received on it, so that a switch attached to a port intended for an end station
cannot join the spanning tree
- Protected port option for preventing protected ports on the same switch from forwarding
traffic to one another; protected ports still forward to and from unprotected ports
- Password-protected access (read-only and read-write access) to the management interfaces,
Cluster Management Suite, and command-line interface for protection against
unauthorized configuration changes
- Port security option for limiting the number of MAC addresses, and identifying which
MAC addresses, are allowed to access a port
- Port security aging to set the aging time for secure addresses on a port, so that
addresses of stations that have left are released
- Multilevel security for a choice of security level, notification, and resulting actions
- MAC-based, port-level security for restricting the use of a switch port to a specific group of
source addresses and preventing switch access from unauthorized stations
- Terminal Access Controller Access Control System Plus (TACACS+), a Cisco-proprietary
protocol for authenticating and authorizing management access through a TACACS+ server
- IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining
access to the network
- IEEE 802.1X port-based authentication with VLAN assignment for placing
802.1X-authenticated users in a VLAN specified by the authentication server
- IEEE 802.1X port-based authentication with port security for authenticating the port and
managing network access for all MAC addresses on it, including that of the client
- IEEE 802.1X port-based authentication with voice VLAN to permit an IP phone access to
the voice VLAN irrespective of the authorized or unauthorized state of the port
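The following Cisco IOS configuration is an added example and is not taken from this Redbook or from an IBM or Cisco reference configuration. It shows how the VLAN and security features listed in 3.3.5 and 3.3.6 combine on one blade-facing access port and one external trunk: BPDU guard on a PortFast port, port security with aging, 802.1X with a voice VLAN on the same port, protected ports, VTP pruning, DTP disabled on the uplink, and VLAN 1 removed from the trunk. The interface numbering (Gi0/1-0/14 for blade bays, Gi0/17-0/20 for external ports), VLAN numbers, RADIUS server address, and shared secret are all assumptions chosen for the example.

```ios
! Added example configuration; interface numbers, VLANs, server address and key are assumed.
!
! AAA for IEEE 802.1X. The RADIUS server (192.0.2.10) and key are placeholders.
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE-SHARED-SECRET
!
! VTP pruning: flooded traffic for a VLAN is sent only on trunks that lead to members of it.
vtp pruning
!
! Error-disable every PortFast port that receives a BPDU (switch-wide default).
spanning-tree portfast bpduguard default
!
! Blade-facing access port: data VLAN 10, voice VLAN 20, PortFast + BPDU guard,
! port security with inactivity aging, and 802.1X on the same port.
interface GigabitEthernet0/1
 description Blade bay 1 - data VLAN 10, voice VLAN 20
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
 switchport port-security aging time 30
 switchport port-security aging type inactivity
 dot1x port-control auto
 dot1x reauthentication
!
! Ports whose hosts must not reach each other at Layer 2 (protected ports).
interface range GigabitEthernet0/2 - 3
 switchport protected
!
! External uplink trunk: DTP off, unused native VLAN, VLAN 1 removed from the trunk.
interface GigabitEthernet0/17
 description Uplink to distribution switch
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan remove 1
```

Two points are worth checking after applying a configuration like this. First, the 802.1X VLAN assignment in the list above is driven by the RADIUS server, not by the switch: the server returns the target VLAN in its Access-Accept, so a port configured with `dot1x port-control auto` only lands in the assigned VLAN if the server is configured to send it. Second, the port-security maximum must leave room for every MAC address the port will legitimately see (the phone on the voice VLAN as well as the client behind it), otherwise the `restrict` action silently drops the extra station's traffic; `show port-security interface GigabitEthernet0/1` shows the current count and any violations.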