
1-4
Catalyst 2950 Desktop Switch Software Configuration Guide
78-11380-05
Chapter 1 Overview
Features
• The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of
VLANs allowed by the IEEE 802.1Q standard (available only with the EI)
• IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
• VLAN Membership Policy Server (VMPS) for dynamic VLAN membership
• VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic
to links destined for stations receiving the traffic
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (802.1Q) to be used
• Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
Security
• Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an
invalid configuration occurs
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Password-protected access (read-only and read-write access) to management interfaces (CMS and
CLI) for protection against unauthorized configuration changes
• Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
• Port security aging to set the aging time for secure addresses on a port
• Multilevel security for a choice of security level, notification, and resulting actions
• MAC-based port-level security for restricting the use of a switch port to a specific group of source
addresses and preventing switch access from unauthorized stations (available only with the EI)
• Terminal Access Controller Access Control System Plus (TACACS+), a proprietary feature for
managing network security through a TACACS server
• IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining access to the
network
• Standard and extended IP access control lists (ACLs) for defining security policies (available only
with the EI)
Quality of Service and Class of Service
• Classification
– IP Differentiated Services Code Point (IP DSCP) and class of service (CoS) marking priorities
on a per-port basis for protecting the performance of mission-critical applications (only
available with the EI)
– Flow-based packet classification (classification based on information in the MAC, IP, and
TCP/UDP headers) for high-performance quality of service at the network edge, allowing for
differentiated service levels for different types of network traffic and for prioritizing
mission-critical traffic in the network (only available in the EI)
– Support for IEEE 802.1P CoS scheduling for classification and preferential treatment of
high-priority voice traffic
– Trusted boundary (detect the presence of a Cisco IP phone, trust the CoS value received, and
ensure port security. If the IP phone is not detected, disable the trusted setting on the port and
prevent misuse of a high-priority queue.)