1-5
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter1 Overview Features
VLAN Features
Support for up to 1005 VLANs for assigning users to VLANs associated with appropriate network
resources, traffic patterns, and bandwidth
Support for VLAN IDs in the full 1 to 4094 range allowed by the IEEE 802 .1Q stan da rd
VLAN Query Protocol (VQP) for dynamic VLAN membership
IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes;
management and control of broadcast and multicast traffic; and network security by establishing
VLAN groups for high-security users and network resources
VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1
to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and receive control protocol frames.
UNI-isolated VLANs to isolate customer VLANs from VLANs of other customers on the same
switch. Local switching does not occur among UNIs on the switch that belong to the same UNI
isolated VLAN.
Private VLANs to address VLAN scalability problems, to provide a more controlled IP address
allocation , and to allow Layer 2 po r ts to be isolated from ports on othe r switches
Security Features
The switch provides security for the subscriber, the switch, and the network.

Subscriber Security

By default, local switching is disabled among subscriber ports to ensure that subscribers are
isolated.
DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP
snooping database and IP source bindings
Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP
requests and responses to other ports in the same VLAN
Note IP source guard and dynamic ARP inspection are available only when the switch is running the metro IP
access or metro access image.

Switch Security

Note The Kerberos feature listed in this section is only available on the cryptographic versions of the switch
software.
Password-protected access (read-only and read-write access) to management interfaces for
protection against unauthorized configuration changes