Vlan Features; Security Features; Subscriber Security - Cisco ME 3400 Software Configuration Manual

Features
•
•
•
•
•
•

VLAN Features

•
•
•
•
•
•
•
•
•

Security Features

The switch provides security for the subscriber, the switch, and the network.

Subscriber Security

•
•
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
1-6
Link-state tracking to mirror the state of the ports that carry upstream traffic from connected hosts
and servers, and to allow the failover of the server traffic to an operational link on another Cisco
Ethernet switch (requires the metro IP access or metro access image)
Support for Resilient Ethernet Protocol (REP) for improved convergence times and network loop
prevention without the use of spanning tree (requires the metro IP access or metro access image)
Counter and timer enhancements to REP support (requires the metro IP access or metro access
image)
Support for REP edge ports when the neighbor port is not REP-capable
HSRP for Layer 3 router redundancy (requires metro IP access image)
Equal-cost routing for link-level and switch-level redundancy (requires metro IP access image)
Support for up to 1005 VLANs for assigning users to VLANs associated with appropriate network
resources, traffic patterns, and bandwidth
Support for VLAN IDs in the full 1 to 4094 range allowed by the IEEE 802.1Q standard
VLAN Query Protocol (VQP) for dynamic VLAN membership
IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes;
management and control of broadcast and multicast traffic; and network security by establishing
VLAN groups for high-security users and network resources
VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1
to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and receive control protocol frames.
UNI-ENI isolated VLANs to isolate customer VLANs from VLANs of other customers on the same
switch. Local switching does not occur among UNIs or ENIs on the switch that belong to the same
UNI-ENI isolated VLAN.
Private VLANs to address VLAN scalability problems, to provide a more controlled IP address
allocation, and to allow Layer 2 ports to be isolated from ports on other switches
Port security on a PVLAN host to limit the number of MAC addresses learned on a port, or define
which MAC addresses may be learned on a port
VLAN Flex Link Load Balancing to provide Layer 2 redundancy without requiring Spanning Tree
Protocol (STP). A pair of interfaces configured as primary and backup links can load balance traffic
based on VLAN.
By default, local switching is disabled among subscriber ports to ensure that subscribers are
isolated.
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
Chapter 1 Overview
OL-9639-07