Cisco Catalyst 3550 Datasheet page 10

Feature
Scalability
Network-wide security features
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Benefit
• Per VLAN Spanning Tree Plus (PVST+) allows for Layer 2 load-sharing on
redundant links to efficiently use the extra capacity inherent in a
redundant design.
• Equal-cost routing for Layer 3 load-balancing and redundancy.
• Local Proxy ARP works in conjunction with private VLAN edge to minimize
broadcasts and maximize available bandwidth.
• VLAN Trunking Protocol (VTP) pruning limits bandwidth consumption on
VTP trunks by flooding broadcast traffic only on trunk links required to reach
the destination devices.
• Internet Group Management Protocol (IGMP) snooping provides for fast
client "joins" and "leaves" of multicast streams and limits
bandwidth-intensive video traffic to only the requestors.
• Multicast VLAN registration (MVR) continuously sends multicast streams in
a multicast VLAN while isolating the streams from subscriber VLANs for
bandwidth and security reasons.
• The Cisco CWDM GBIC solution support allows for the scaling of bandwidth
without deploying additional fiber. It provides scalability of up to eight
Gigabits of bandwidth on a pair of single-mode fibers to reach the distances
up to 100–120 km.
• Support for up to 4,096 VLAN Ids with 1,005 active VLANs per switch; and
up to 128 spanning tree instances per switch.
• VLAN trunks can be created from any port using either standards-based
802.1Q tagging or the Cisco ISL VLAN architecture.
• IEEE 802.1x for dynamic port-based security.
• Cisco security VLAN ACLs (VACLs) on all VLANs to prevent unauthorized
data flows to be bridged within VLANs.
• Cisco standard and extended IP security Router ACLs (RACLs) for defining
security policies on routed interfaces for control plane and data plane traffic.
• Port-based ACLs for Layer 2 interfaces allows security policy to be applied
on per-Layer 2 port basis.
• Time-based ACLs allow the implementation of security settings during
specific periods of the day.
• Private VLAN edge provides security and isolation between ports on a
switch, ensuring that voice traffic travels directly from its entry point to the
aggregation device through a virtual path and cannot be directed to a
different port.
• TACACS+ and RADIUS authentication to enable centralized control of the
switch and restrict unauthorized users from altering the configuration.
• Port security secures the access to a port based on the MAC address of a
user's device and prevents unauthorized stations from accessing the switch.
The aging feature provides the capability to limit the number of concurrent
devices per port.
• Multilevel security on console access prevents unauthorized users from
altering the switch configuration.
Cisco Systems, Inc.
Page 10 of 20