Cisco Systems 2940 Switch User Manual


 
Catalyst 2940 Switch Software Configuration Guide
78-15507-02
Chapter 1 Overview
Features
• VLAN Trunking Protocol (VTP) for reducing network traffic by restricting flooded traffic to links destined for stations receiving the traffic
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for negotiating the type of trunking encapsulation (802.1Q) to be used
• Voice VLAN for creating subnets for voice traffic from Cisco IP Phones
• VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or received. The switch CPU continues to send and receive control protocol frames.
Security
• Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an invalid configuration occurs
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection against unauthorized configuration changes
• Port security option for limiting and identifying MAC addresses of the stations allowed to access the port
• Port security aging to set the aging time for secure addresses on a port
• Multilevel security for a choice of security level, notification, and resulting actions
• Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) support that requires network administrators to log in with a user name and password before they can access a switch
• VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or received. The switch CPU continues to send and receive control protocol frames.
• IEEE 802.1X port-based authentication to prevent unauthorized devices from gaining access to the network
• IEEE 802.1X port-based authentication with voice VLAN to permit an IP phone access to the voice VLAN irrespective of the authorized or unauthorized state of the port
• Access control lists (ACLs) for defining security policies on management interfaces, which can be a management VLAN or any traffic that is going directly to the CPU, such as SNMP, Telnet, or web traffic.
  For instructions about applying ACLs to management interfaces, refer to the “Configuring IP Services” section of the Cisco IOS IP and IP Routing Configuration Guide, Cisco IOS Release 12.1 and to the Cisco IOS IP and IP Routing Command Reference, Cisco IOS Release 12.1.
  Note: The switch does not support ACLs on physical interfaces.
Quality of Service and Class of Service
• Support for IEEE 802.1P class of service (CoS) scheduling for classification and preferential treatment of high-priority voice traffic
• Trusted boundary (detect the presence of a Cisco IP Phone, trust the CoS value received, and ensure port security. If the IP phone is not detected, disable the trusted setting on the port and prevent misuse of a high-priority queue.)