1-3
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 1 Overview
Features
Redundancy
• Hot Standby Router Protocol (HSRP) for command switch and Layer 3 router redundancy
• UniDirectional Link Detection (UDLD) on all Ethernet ports for detecting and disabling unidirectional links on
fiber-optic interfaces caused by incorrect fiber-optic wiring or port faults
• IEEE 802.1D Spanning Tree Protocol (STP) for redundant backbone connections and loop-free networks. STP has these
features:
–
Per-VLAN Spanning Tree (PVST) for balancing load across VLANs
–
Port Fast mode for eliminating forward delay by enabling a port to immediately change from a blocking state to a
forwarding state
–
UplinkFast, cross-stack UplinkFast, and BackboneFast for fast convergence after a spanning-tree topology change
and for achieving load balancing between redundant uplinks, including Gigabit uplinks and cross-stack Gigabit
uplinks
–
STP root guard for preventing switches outside the network core from becoming the STP root
Note The switch supports up to 128 spanning-tree instances.
VLAN Support
• Support for up to 1005 VLANs for assigning users to VLANs associated with appropriate network resources, traffic
patterns, and bandwidth
• VLAN Query Protocol (VQP) for dynamic VLAN membership
• Inter-Switch Link (ISL) and IEEE 802.1Q trunking encapsulation on all ports for network moves, adds, and changes;
management and control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
• Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for negotiating the type
of trunking encapsulation (802.1Q or ISL) to be used
• VLAN Trunking Protocol (VTP) and VTP pruning for reducing network traffic by restricting flooded traffic to links
destined for stations receiving the traffic
Security
• Password-protected access (read-only and read-write access) to management interfaces (CMS and CLI) for protection
against unauthorized configuration changes
• Multilevel security for a choice of security level, notification, and resulting actions
• Static MAC addressing for ensuring security
• Protected port option for restricting the forwarding of traffic to designated ports on the same switch
• Port security option for limiting and identifying MAC addresses of the stations allowed to access the port
• Bridge Protocol Data Unit (BPDU) Guard for shutting down a Port Fast-configured port when an invalid configuration
occurs
• Standard and extended IP access control lists (ACLs) for defining security policies on routed interfaces
• VLAN ACLs (VLAN maps) for providing intra-VLAN security by filtering traffic based on information in the MAC, IP,
and TCP/User Datagram Protocol (UDP) headers
• Source and destination MAC-based ACLs for filtering non-IP traffic
• IEEE 802.1X port-based authentication to prevent unauthorized devices (clients) from gaining access to the network
Table 1-1 Features (continued)
