Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 1 Overview Features
Loop guard for preventing alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
Note: The switch supports up to 64 spanning-tree instances.
VLAN Support
The switches support 250 port-based VLANs for assigning users to VLANs associated with
appropriate network resources, traffic patterns, and bandwidth
Note: The Catalyst 2950-12, Catalyst 2950-24, and Catalyst 2950SX-24 switches support only 64
port-based VLANs.
The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of
VLANs allowed by the IEEE 802.1Q standard (available only with the EI)
IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
VLAN Membership Policy Server (VMPS) for dynamic VLAN membership
VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic
to links destined for stations receiving the traffic
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (802.1Q) to be used
Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
Security
Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an
invalid configuration occurs
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
Password-protected access (read-only and read-write access) to management interfaces (CMS and
CLI) for protection against unauthorized configuration changes
Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
Port security aging to set the aging time for secure addresses on a port
Multilevel security for a choice of security level, notification, and resulting actions
MAC-based port-level security for restricting the use of a switch port to a specific group of source
addresses and preventing switch access from unauthorized stations (available only with the EI)
Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for
managing network security through a TACACS server
IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining access to the
network
Standard and extended IP access control lists (ACLs) for defining security policies (available only
with the EI)