Cisco Systems 2940

1-4

Catalyst 2940 Switch Software Configuration Guide

78-15507-02

Chapter1 Overview

Features

•VLAN Trunking Protocol (VTP) for reducing network traffic by restricting flooded traffic to links

destined for stations receiving the traffic.

•Dynamic Trunking Protocol (DTP) for negotiating trunking on a link betwee n two d evices and fo r

negotiating the type of trunking encapsulation (802.1Q) to be used

•Voice VLAN for creating subnets for voice traffic from Cisco IP Phones

•VLAN 1 minimization to reduce the risk of spanning -tre e l oop s o r s torm s by a llowing V LAN 1 to

be disabled on any individual VLAN trunk link. With this feature enabled, no user tra ffic is sent or

received. The switch CPU continues to send and receive control protocol frames

Security

•Bridge protocol data unit (BPDU) guard for shutting down a Por t Fa st-co nfig ured por t w hen an

invalid configuration occurs

•Protected port option for restricting the forwarding of traffic to designated ports o n the same switch

•Password-protected access (read-only and read-write access) to management interfaces (CMS and

CLI) for protection against unauthorized configuration ch ange s

•Port security option for limiting and identifying MAC addresses of the stations allowed to access

the port

•Port security aging to set the aging time for secure addresses on a port

•Multilevel security for a choice of security level, notification, and resulting actions

•Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access

Control System Plus (TACACS+) support that requires network administrators to login with a user

name and password before they can access a switch

•VLAN 1 minimization to reduce the risk of spanning -tre e l oop s o r s torm s by a llowing V LAN 1 to

be disabled on any individual VLAN trunk link. With this feature enabled, no user tra ffic is sent or

received. The switch CPU continues to send and receive control protocol frames.

•IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining acce ss t o t h e

network

•IEEE 802.1X port-based authentication with voice VLAN to permit an IP phone access to the voice

VLAN irrespective of the authorized or unauthorized state of the port

•Access control lists (ACLs) for defining security policies on management interfaces, which can be

a management VLAN or any traffic that is going directly to the CPU, su ch as SNMP, Telnet, or web

traffic.

For instructions about applying ACLs to management interfaces, refer to the “Configuring IP

Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1

and to the Cisco IOS IP and IP Routing Command Reference, Cisco IOS R ele ase 12.1.

Note The switch does not support ACLs on physical interfaces.

Quality of Service and Class of Service

•Support for IEEE 802.1P class of service (CoS) scheduling for classification and preferential

treatment of high-priority voice traffic

•Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and ensure

port security. If the IP phone is not detected, disable the trusted setting on the port and prevent

misuse of a high-priority queue.)