1-10
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 1 Overview
Features
• VLAN 1 minimization for reducing the risk of spanning-tree loops or storms by allowing VLAN 1
to be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent
or received on the trunk. The switch CPU continues to send and receive control protocol frames.
• VLAN Flex Link Load Balancing to provide Layer 2 redundancy without requiring Spanning Tree
Protocol (STP). A pair of interfaces configured as primary and backup links can load balance traffic
based on VLAN.
Note To use VLAN Flex Link Load Balancing, the switch must be running the LAN Base image.
• Support for 802.1x authentication with restricted VLANs (also known as authentication failed
VLANs)
• Support for VTP version 3 that includes support for configuring extended range VLANs (VLANs
1006 to 4094) in any VTP mode, enhanced authentication (hidden or secret passwords), propagation
of other databases in addition to VTP, VTP primary and secondary servers, and the option to turn
VTP on or off by port
Security Features
• Web authentication to allow a supplicant (client) that does not support IEEE 802.1x functionality to
be authenticated using a web browser
Note To use Web Authentication, the switch must be running the LAN Base image.
• Local web authentication banner so that a custom banner or an image file can be displayed at a web
authentication login screen
• IEEE 802.1x Authentication with ACLs and the RADIUS Filter-Id Attribute
Note To use this feature, the switch must be running the LAN Base image.
• Password-protected access (read-only and read-write access) to management interfaces (device
manager, Network Assistant, and the CLI) for protection against unauthorized configuration
changes
• Multilevel security for a choice of security level, notification, and resulting actions
• Static MAC addressing for ensuring security
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
• VLAN aware port security option to shut down the VLAN on the port when a violation occurs,
instead of shutting down the entire port.
• Port security aging to set the aging time for secure addresses on a port
• Protocol storm protection to control the rate of incoming protocol traffic to a switch by dropping
packets that exceed a specified ingress rate.
• BPDU guard for shutting down a Port Fast-configured port when an invalid configuration occurs
To Next Page
Loading...
