Table of Contents
Advertisement
Optional spanning tree features available in the PVST+, rapid PVST+, and MSTP modes.
Flex Link Layer 2 interfaces to back up one another as an alternative to STP for basic link
redundancy.
VLAN support:
Support for 1005 total VLANs. These VLANs can be any VLAN ID from 1–4094, except 1001–1005,
which are reserved by Cisco.
Cisco Inter-Switch Link (ISL) and IEEE 802.1Q trunking protocol on all ports for network moves,
adds, and changes; management and control of broadcast and multicast traffic; and network
security by establishing VLAN groups for high-security users and network resources.
VLAN Query Protocol (VQP) for dynamic VLAN membership.
VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic to
links destined for stations receiving the traffic.
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (802.1Q) to be used.
Voice VLAN for creating subnets for voice traffic from Cisco IP phones.
VLAN 1 minimization to reduce the risk of spanning tree loops or storms by enabling VLAN 1 to be
disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or
received. The switch CPU continues to send and receive control protocol frames.
Private VLANs to address VLAN scalability issues.
VLAN Flex Link Load Balancing to provide Layer 2 link redundancy without STP.
Support for up to 128 instances of spanning tree per switch or per switch stack.
Security features:
Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an invalid
configuration occurs.
Protected port option for restricting the forwarding of traffic to designated ports on the same switch.
Password-protected access (read-only and write-only access) to management interfaces (the device
manager and CLI) for protection against unauthorized configuration changes.
Port security option for limiting and identifying MAC addresses of the station allowed to access the
port.
Port security aging to set the aging time for secure addresses on a port.
Multilevel security for a choice of security level, notification, and resulting actions.
MAC-based port-level security for restricting the use of a switch port to a specific group of source
addresses and preventing switch access from unauthorized stations.
MAC-based access control lists (ACLs).
Standard and extended IP access control lists (ACLs) for defining security policies on Layer 3 (router
ACLs) and Layer 2 (port ACLs) interfaces.
Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for
managing network security through a TACACS server.
RADIUS for verifying the identity of, granting access to, and tracking activities of remote users.
IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining access to the
network.
IEEE 802.1X port-based authentication with VLAN assignment for restricting 802.1X-authenticated
users to a specified VLAN.
IEEE 802.1X port-based authentication with port security for authenticating the port and managing
network access for all MAC addresses, including that of the client.
Cisco Catalyst Switch Module 3012 for BladeCenter (withdrawn product)
4
Advertisement
Table of Contents
