Cisco Catalyst 3550 series Software Configuration Manual page 44

Features
–
–
–
–
Note The switch supports up to 128 spanning-tree instances.
VLAN Support
Support for up to 1005 VLANs for assigning users to VLANs associated with appropriate network
•
resources, traffic patterns, and bandwidth
Support for VLAN IDs in the full 1 to 4094 range allowed by the IEEE 802.1Q standard
•
VLAN Query Protocol (VQP) for dynamic VLAN membership
•
Inter-Switch Link (ISL) and IEEE 802.1Q trunking encapsulation on all ports for network moves,
•
adds, and changes; management and control of broadcast and multicast traffic; and network security
by establishing VLAN groups for high-security users and network resources
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
•
negotiating the type of trunking encapsulation (802.1Q or ISL) to be used
VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting
•
flooded traffic to links destined for stations receiving the traffic
Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
•
VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to
•
be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or
received. The switch CPU continues to send and receive control protocol frames.
Security
Password-protected access (read-only and read-write access) to management interfaces (CMS and
•
CLI) for protection against unauthorized configuration changes
Multilevel security for a choice of security level, notification, and resulting actions
•
Static MAC addressing for ensuring security
•
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
•
Port security option for limiting and identifying MAC addresses of the stations allowed to access
•
the port
Port security on trunk ports for limiting and identifying MAC addresses of the stations allowed to
•
access the VLAN
• Port security aging to set the aging time for secure addresses on a port
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
•
• Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an
invalid configuration occurs
• Standard and extended IP access control lists (ACLs) for defining security policies in both directions
on routed interfaces (router ACLs) and inbound on Layer 2 interfaces (port ACLs)
Catalyst 3550 Multilayer Switch Software Configuration Guide
1-4
BPDU guard for shutting down Port Fast-enabled ports that receive BPDUs
BPDU filtering for preventing a Port Fast-enabled port from sending or receiving BPDUs
Root guard for preventing switches outside the network core from becoming the spanning-tree
root
Loop guard for preventing alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
Chapter 1 Overview
78-11194-09