Vlan Features; Security Features - Cisco Catalyst 3560-X Software Configuration Manual

Software Features

VLAN Features

•
•
•
•
•
•
•
•
•
•
•
•
•

Security Features

•
•
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-10
Support for up to 1005 VLANs on switches running the IP Base or IP Services feature set or 255
VLANs on switches running the LAN Base feature set for assigning users to VLANs associated with
appropriate network resources, traffic patterns, and bandwidth.
Support for VLAN IDs in the 1 to 4094 range as allowed by the IEEE 802.1Q standard.
VLAN Query Protocol (VQP) for dynamic VLAN membership.
Inter-Switch Link (ISL) and IEEE 802.1Q trunking encapsulation on all ports for network moves,
adds, and changes; management and control of broadcast and multicast traffic; and network security
by establishing VLAN groups for high-security users and network resources.
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (IEEE 802.1Q or ISL) to be used.
VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting
flooded traffic to links destined for stations receiving the traffic.
Voice VLAN for creating subnets for voice traffic from Cisco IP Phones.
Dynamic voice virtual LAN (VLAN) for multidomain authentication (MDA) to allow a dynamic
voice VLAN on an MDA-enabled port.
VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1
to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and receive control protocol frames.
Private VLANs to address VLAN scalability problems, to provide a more controlled IP address
allocation, and to allow Layer 2 ports to be isolated from other ports on the switch.
Port security on a PVLAN host to limit the number of MAC addresses learned on a port, or define
which MAC addresses may be learned on a port.
VLAN Flex Link Load Balancing to provide Layer 2 redundancy without requiring Spanning Tree
Protocol (STP). A pair of interfaces configured as primary and backup links can load balance traffic
based on VLAN.
Support for VTP version 3 that includes support for configuring extended range VLANs (VLANs
1006 to 4094) in any VTP mode, enhanced authentication (hidden or secret passwords), propagation
of other databases in addition to VTP, VTP primary and secondary servers, and the option to turn
VTP on or off by port.
Cisco IOS Release 15.0(1)SE2 on the Catalyst 3750-X and 3560-X switches is now certified under
the Federal Information Processing Standard Publication 140-2 (FIPS 140-2) and the Common
Criteria for Information Technology Security Evaluation standard (Common Criteria or CC) EAL
2+.
Cisco IOS Release 15.0(2)SE1 on the Catalyst 3750-X and 3560-X switches has been submitted for
certification under FIPS 140-2 and Common Criteria compliance with the US Government, Security
Requirements for Network Devices (pp_nd_v1.0), version 1.0, dated 10 December 2010.
Chapter 1 Overview
OL-25303-03