Vlan Features; Security Features; Switch Security - Cisco ME 3400G-2CS - Ethernet Access Switch Software Configuration Manual

Chapter 1
Overview

VLAN Features

- Support for up to 1005 VLANs for assigning users to VLANs associated with appropriate network resources, traffic patterns, and bandwidth
- Support for VLAN IDs in the full 1 to 4094 range allowed by the IEEE 802.1Q standard
- VLAN Query Protocol (VQP) for dynamic VLAN membership
- IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes; management and control of broadcast and multicast traffic; and network security by establishing VLAN groups for high-security users and network resources
- VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1 to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or received on the trunk. The switch CPU continues to send and receive control protocol frames.
- UNI-isolated VLANs to isolate customer VLANs from VLANs of other customers on the same switch. Local switching does not occur among UNIs on the switch that belong to the same UNI-isolated VLAN.
- Private VLANs to address VLAN scalability problems, to provide a more controlled IP address allocation, and to allow Layer 2 ports to be isolated from ports on other switches

Security Features

The switch provides security for the subscriber, the switch, and the network.

Subscriber Security

Note
IP source guard and dynamic ARP inspection are available only when the switch is running the metro IP access or metro access image.

- By default, local switching is disabled among subscriber ports to ensure that subscribers are isolated.
- DHCP snooping to filter untrusted DHCP messages between untrusted hosts and DHCP servers
- IP source guard to restrict traffic on nonrouted interfaces by filtering traffic based on the DHCP snooping database and IP source bindings
- Dynamic ARP inspection to prevent malicious attacks on the switch by not relaying invalid ARP requests and responses to other ports in the same VLAN

Switch Security

Note
The Kerberos feature listed in this section is only available on the cryptographic versions of the switch software.

- Password-protected access (read-only and read-write access) to management interfaces for protection against unauthorized configuration changes
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide