Vlan Features; Security Features - Cisco WS-C2960-24LC-S Software Configuration Manual

Chapter 1 Overview
•
•

VLAN Features

These are the VLAN features:
•
•
•
•
•
•
•
•
•

Security Features

The switch ships with these security features:
•
•
•
•
•
•
•
OL-8603-04
Link-state tracking to mirror the state of the ports that carry upstream traffic from connected hosts
and servers, and to allow the failover of the server traffic to an operational link on another Cisco
Ethernet switch.
RPS support through the Cisco RPS 300 and Cisco RPS 675 for enhancing power reliability
Support for up to 255 VLANs for assigning users to VLANs associated with appropriate network
resources, traffic patterns, and bandwidth
Support for VLAN IDs in the 1 to 4094 range as allowed by the IEEE 802.1Q standard
VLAN Query Protocol (VQP) for dynamic VLAN membership
IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes;
management and control of broadcast and multicast traffic; and network security by establishing
VLAN groups for high-security users and network resources
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used
VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting
flooded traffic to links destined for stations receiving the traffic
Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1
to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and receive control protocol frames.
VLAN Flex Link Load Balancing to provide Layer 2 redundancy without requiring Spanning Tree
Protocol (STP). A pair of interfaces configured as primary and backup links can load balance traffic
based on VLAN.
IP Service Level Agreements (IP SLAs) responder support that allows the switch to be a target
device for IP SLAs active traffic monitoring
Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to
be authenticated using a web browser
Password-protected access (read-only and read-write access) to management interfaces (device
manager, Network Assistant, and the CLI) for protection against unauthorized configuration
changes
Multilevel security for a choice of security level, notification, and resulting actions
Static MAC addressing for ensuring security
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
Catalyst 2960 Switch Software Configuration Guide
Features
1-7