Cisco Systems 3550

1-3

Catalyst 3550 Multilayer Switch Software Configuration Guide

78-11194-03

Chapter1 Overview Features

Redundancy

•Hot Standby Router Protocol (HSRP) for command switch and Layer 3 router redundancy

•UniDirectional Link Detection (UDLD) on all Ethernet ports for detecting and disablin g unidirec tiona l links on

fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults

•IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks. STP has these

features:

–

Per-VLAN Spanning Tree (PVST) for balancing load across VLANs

–

Port Fast mode for eliminating forward delay by enablin g a p ort t o im me dia tely ch an ge fr om a b lo ckin g state to a

forwarding state

–

UplinkFast, cross-stack UplinkFast, and BackboneFast for fast convergence after a spanning-tree topology change

and for achieving load balancing between redundant upl inks, inc ludi ng G iga bit u plinks an d cr oss-s tack G iga bit

uplinks

–

STP root guard for preventing switches outside the network core from becoming the STP root

Note The switch supports up to 128 spanning-tree instances.

VLAN Support

•Support for up to 1005 VLANs for assigning users to VLANs associated with appropriate network resources, traffic

patterns, and bandwidth

•VLAN Query Protocol (VQP) for dynamic VLAN membership

•Inter-Switch Link (ISL) and IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and change s;

management and control of broadcast and multicast traffic; and network security by establishing VLAN groups for

high-security users and network resources

•Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for negotiating the type

of trunking encapsulation (802.1Q or ISL) to be used

•VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting flooded traffic to links

destined for stations receiving the traffic

Security

•Password-protected access (read-only and read-write access) t o ma na geme nt i nte rfac es (CMS a nd CLI) for p rotect ion

against unauthorized configuration changes

•Multilevel security for a choice of security level, notification, and resulting actions

•Static MAC addressing for ensuring security

•Protected port option for restricting the forwarding of traffic to designated ports on the same switch

•Port security option for limiting and identifying MAC addresses of the stations allowed to access the port

•Bridge Protocol Data Unit (BPDU) Guard for shutting down a Port Fast-configured port when an invalid con figuratio n

occurs

•Standard and extended IP access control lists (ACLs) for defining security policies on routed inte rface s

•VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on information in the MAC, I P,

and TCP/User Datagram Protocol (UDP) headers

•Source and destination MAC-based ACLs for filtering non-IP traffic

•IEEE 802.1X port-based authentication to preven t un au thori ze d d ev ice s ( clie nts) fr om gai ning ac cess t o the ne tw ork

Table1-1 Features (continued)