Vlan support, Security – IBM 12.1(22)EA6 User Manual

1-4

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Chapter 1 Overview

Features

VLAN Support

•

The switches support 250 port-based VLANs for assigning users to VLANs associated with
appropriate network resources, traffic patterns, and bandwidth

•

The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of
VLANs allowed by the IEEE 802.1Q standard

•

IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources

•

VLAN Membership Policy Server (VMPS) for dynamic VLAN membership

•

VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic
to links destined for stations receiving the traffic

•

Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used

•

VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to
be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or
received. The switch CPU continues to send and receive control protocol frames.

•

Multiple management interface support allowing multiple interfaces to be assigned to a unique IP
address.

Security

•

Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an
invalid configuration occurs

•

Protected port option for restricting the forwarding of traffic to designated ports on the same switch

•

Password-protected access (read-only and read-write access) to management interfaces (device
manager and CLI) for protection against unauthorized configuration changes

•

Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port

•

Port security aging to set the aging time for secure addresses on a port

•

Multilevel security for a choice of security level, notification, and resulting actions

•

MAC-based port-level security for restricting the use of a switch port to a specific group of source
addresses and preventing switch access from unauthorized stations

•

TACACS+, a proprietary feature for managing network security through a TACACS server

•

IEEE 802.1x port-based authentication to prevent unauthorized devices from gaining access to the
network

•

IEEE 802.1x accounting to track network usage

•

IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
specific Ethernet frame

•

Standard and extended IP access control lists (ACLs) for defining security policies