1-4
Cisco Systems IntelligentGigabit Ethernet Switch Modules for the IBMBladeCenter, Software Configuration Guide
24R9746
Chapter1 Overview
Features
VLAN Support•The switches support 250 port-based VLANs for assigning users to VLANs associated with
appropriate network resources, traffic patterns, and bandwidth
•The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of
VLANs allowed by the IEEE 802.1Q standard
•IEEE 802.1Q trunking protocol on all ports for network moves, adds, and c hanges; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
•VLAN Membership Policy Server (VMPS) for dynamic VLAN membership
•VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic
to links destined for stations receiving the traffic
•Dynamic Trunking Protocol (DTP) for negotiating trunking on a link betwee n two devices and for
negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used
•VLAN 1 minimization to reduce the risk of spanning-t ree loops or storms by allowing VLAN 1 to
be disabled on any individual VLAN trunk link. With this feature enabled, no user tra ffic is sent or
received. The switch CPU continues to send and receive control protocol frames.
•Multiple management interface support allowing multiple interfaces to be assigned to a unique IP
address.
Security•Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-c onfigured port when an
invalid configuration occurs
•Protected port option for restricting the forwarding of traffic to designated ports o n the same switch
•Password-protected access (read-only and read-write access) to management interfaces (device
manager and CLI) for protection against unauthorized configuratio n changes
•Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
•Port security aging to set the aging time for secure addresses on a port
•Multilevel security for a choice of security level, notification, and resulting actions
•MAC-based port-level security for restricting the use of a switch port to a specific group of so urce
addresses and preventing switch access from unauthorized stations
•TACACS+, a proprietary feature for managing network security through a TACACS server
•IEEE 802.1x port-based authentication to prevent unauthorized devices from gaining access to the
network
•IEEE 802.1x accounting to track network usage
•IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
specific Ethernet frame
•Standard and extended IP access control lists (ACLs) for defining security policies