Chapter 1
Overview
–
Note
VLAN Support
•
The switches support 250 port-based VLANs for assigning users to VLANs associated with
appropriate network resources, traffic patterns, and bandwidth
Note
•
The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of
VLANs allowed by the IEEE 802.1Q standard (available only with the EI)
•
IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
VLAN Membership Policy Server (VMPS) for dynamic VLAN membership
•
•
VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic
to links destined for stations receiving the traffic
•
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (802.1Q) to be used
•
Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
Security
Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an
•
invalid configuration occurs
•
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
Password-protected access (read-only and read-write access) to management interfaces (CMS and
•
CLI) for protection against unauthorized configuration changes
Port security option for limiting and identifying MAC addresses of the stations allowed to access
•
the port
•
Port security aging to set the aging time for secure addresses on a port
Multilevel security for a choice of security level, notification, and resulting actions
•
MAC-based port-level security for restricting the use of a switch port to a specific group of source
•
addresses and preventing switch access from unauthorized stations (available only with the EI)
Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for
•
managing network security through a TACACS server
IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining access to the
•
network
Standard and extended IP access control lists (ACLs) for defining security policies (available only
•
with the EI)
78-14982-01
Loop guard for preventing alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
The switch supports up to 64 spanning-tree instances.
The Catalyst 2950-12, Catalyst 2950-24, and Catalyst 2950SX-24 switches support only 64
port-based VLANs.
Catalyst 2950 Desktop Switch Software Configuration Guide
Features
1-5