1-4
Catalyst 2940 Switch Software Configuration Guide
78-15507-02
Chapter 1 Overview
Features
• VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic to links
destined for stations receiving the traffic.
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (802.1Q) to be used.
• Voice VLAN for creating subnets for voice traffic from Cisco IP Phones.
• VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to
be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or
received on VLAN 1 over that trunk. The switch CPU continues to send and receive control protocol frames.
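The four VLAN features above on one switch, as an added configuration example that is not taken from this guide. The VTP domain name, VLAN numbers, and interface names are assumptions; the one caveat a practitioner should carry away is that DTP answers any device that speaks it, so ports that must never become trunks should refuse negotiation.

```cisco
! Added example (not from the Catalyst 2940 guide): VTP pruning, DTP,
! voice VLAN and VLAN 1 minimization. Domain name, VLAN numbers and
! interface names are assumptions.
!
! VTP pruning: stop flooding a VLAN onto trunks that carry no members of it.
vtp domain CAMPUS
vtp mode server
vtp pruning
!
! Uplink to another switch: 802.1Q trunk. DTP stays on so the peer can
! negotiate trunking.
interface FastEthernet0/8
 switchport mode trunk
 ! VLAN 1 minimization: carry no user traffic for VLAN 1 on this trunk.
 ! Control protocols (CDP, VTP, STP) still use VLAN 1 on the link.
 switchport trunk allowed vlan remove 1
!
! User port with a Cisco IP Phone attached: PC traffic untagged in
! VLAN 20, phone traffic tagged in voice VLAN 30.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
 switchport voice vlan 30
 ! Caveat: DTP also answers a host that sends DTP frames. An access port
 ! that must never become a trunk should refuse negotiation outright.
 switchport nonegotiate
!
! Verification (privileged EXEC)
! show vtp status
! show interfaces trunk
! show interfaces FastEthernet0/1 switchport
```

The `show interfaces trunk` output should list the uplink with VLAN 1 absent from its allowed list, and `show interfaces FastEthernet0/1 switchport` should report negotiation of trunking as off.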
Security
• Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when it receives
a BPDU, which indicates an invalid configuration such as a switch attached to an access port
• Protected port option for restricting the forwarding of traffic between designated ports on the same
switch (traffic received on a protected port is not forwarded at Layer 2 to any other protected port on
that switch)
• Password-protected access (read-only and read-write access) to the management interfaces (Cluster
Management Suite (CMS) and CLI) for protection against unauthorized configuration changes
• Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
• Port security aging to set the aging time for secure addresses on a port
• Multilevel security for a choice of port-security violation mode (protect, restrict, or shutdown),
notification, and resulting action
• Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access
Control System Plus (TACACS+) support that requires network administrators to log in with a user
name and password before they can access a switch
• IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining access to the
network
• IEEE 802.1X port-based authentication with voice VLAN to permit an IP phone access to the voice
VLAN irrespective of the authorized or unauthorized state of the port
• Access control lists (ACLs) for defining security policies on management interfaces, which can be
a management VLAN or any traffic that is going directly to the CPU, such as SNMP, Telnet, or web
traffic.
For instructions about applying ACLs to management interfaces, refer to the “Configuring IP
Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1
and to the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1.
Note The switch does not support ACLs on physical interfaces.
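The security features listed above combined on one switch, as an added configuration example that is not taken from this guide. The RADIUS server address and key, ACL number, VLAN numbers, interface names and the bracketed secrets are placeholders and assumptions; the 802.1X global enable command is the standard IOS form and should be checked against the 802.1X chapter for the release in use. Because the switch has no ACLs on physical ports, the management ACL is applied where management traffic terminates: on the vty lines and the SNMP agent.

```cisco
! Added example (not from the Catalyst 2940 guide) of the port and
! management-plane security features listed above. RADIUS server,
! key, ACL number, VLANs, interfaces and secrets are assumptions.
!
! --- Management access: local secrets plus RADIUS login ---------------
service password-encryption
enable secret <strong-enable-secret>
username admin privilege 15 secret <strong-password>
aaa new-model
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <radius-key>
! RADIUS first; local user only if no RADIUS server answers.
aaa authentication login default group radius local
! 802.1X supplicants are authenticated against the same RADIUS server.
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! --- ACLs on management traffic (Telnet and SNMP to the CPU) ---------
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 15
 access-class 10 in
 login authentication default
snmp-server community <ro-community> RO 10
!
! --- Access port to a user PC: port security with aging --------------
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
 switchport port-security
 switchport port-security maximum 1
 ! Violation mode is the "security level, notification and action":
 ! protect = drop silently, restrict = drop and trap/log, shutdown = err-disable.
 switchport port-security violation restrict
 ! Secure addresses expire after 10 minutes without traffic.
 switchport port-security aging time 10
 switchport port-security aging type inactivity
 ! Port Fast with BPDU guard: a BPDU here means a switch was plugged in.
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! Protected port: no Layer 2 forwarding to other protected ports on this switch.
 switchport protected
!
! --- Access port to an IP phone with a PC behind it: 802.1X + voice VLAN
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 20
 switchport voice vlan 30
 ! The PC must authenticate; the phone reaches the voice VLAN regardless
 ! of the port's authorized state.
 dot1x port-control auto
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Verification (privileged EXEC)
! show port-security interface FastEthernet0/2
! show dot1x interface FastEthernet0/3
! show spanning-tree interface FastEthernet0/2 portfast
```

After a second MAC address appears on FastEthernet0/2, `show port-security interface FastEthernet0/2` should show a non-zero violation count while the port stays up (restrict mode); if the port were in shutdown mode it would instead be err-disabled and need `shutdown` / `no shutdown` or errdisable recovery to come back.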
Quality of Service and Class of Service
• Support for IEEE 802.1p class of service (CoS) scheduling for classification and preferential
treatment of high-priority voice traffic
• Trusted boundary for detecting the presence of a Cisco IP Phone, trusting the CoS value it sends, and
disabling the trusted setting on the port when no phone is detected, so that a host attached to the port
cannot mark its own traffic into the high-priority queue
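The weak setting (unconditional CoS trust) beside the trusted-boundary form, as an added configuration example that is not taken from this guide. Interface names and the voice VLAN number are assumptions.

```cisco
! Added example (not from the Catalyst 2940 guide): trust 802.1p CoS
! only while a Cisco IP Phone is present. Interfaces and VLAN numbers
! are assumptions.
!
! Weak: every frame's CoS is trusted. Any host on this port can tag its
! own traffic with CoS 5 and ride the high-priority queue.
interface FastEthernet0/4
 switchport mode access
 switchport voice vlan 30
 mls qos trust cos
!
! Corrected: trusted boundary. CoS is trusted only while CDP reports a
! Cisco IP Phone on the port; otherwise the port falls back to untrusted
! and ingress frames are re-marked with the port's default CoS (0).
interface FastEthernet0/5
 switchport mode access
 switchport voice vlan 30
 mls qos trust cos
 mls qos trust device cisco-phone
 ! CDP must run on the port or the phone can never be detected.
 cdp enable
 ! Have the phone re-mark frames from the PC on its access port to CoS 0
 ! (the default, stated here so the intent is explicit).
 switchport priority extend cos 0
!
! Verification (privileged EXEC)
! show mls qos interface FastEthernet0/5
```

With a PC plugged directly into FastEthernet0/5 instead of a phone, `show mls qos interface FastEthernet0/5` should report the port as not trusted, which is the behaviour the feature exists to guarantee.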