Cisco Systems OL-6426-02 User Manual

Chapter 5: Configuring a LAN with DHCP and VLANs
Switch Port Configurations
Configuring VLANs (required)
Configuring VLAN Trunking Protocol (optional)
Configuring 802.1x Authentication (required)
Configuring Spanning Tree on a VLAN (required)
Configuring Layer 2 Interfaces (required)
Configuring MAC Table Manipulation (required)
Configuring the Switched Port Analyzer (required)
Configuring Power Management on the Interfaces (optional)
IP Multicast Layer 3 Switching (required)
Configuring Per-Port Storm Control (optional)
Configuring Fallback Bridging (optional)
Configuring Separate Voice and Data Subnets (optional)
Configuring IGMP Snooping (optional)
This section briefly describes the features and interfaces that can be configured on the VLANs assigned 
to the switch ports and any differences between the configurations for the HWIC-4ESW and 
HWIC-9ESW and the configuration of the switch ports.
VLAN Trunking Protocol (VTP)
VLAN Trunking Protocol (VTP) supports three modes: server, client, and transparent.
In VTP server mode, you create, modify, and delete VLANs and specify other configuration
parameters, such as the VTP version, for the entire VTP domain. VTP clients behave the same way as
VTP servers, but you cannot create, change, or delete VLANs on a VTP client. A VTP transparent switch
does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on
received advertisements.
802.1x Authentication 
The switch port determines whether a client is granted access to the network. In the default setting, the 
port is in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except 
for 802.1x packets. When a client has successfully authenticated, the port changes to the authorized 
state, allowing all traffic for the client to flow normally. 
If a client that does not support 802.1x is connected to an unauthorized 802.1x port, the switch requests 
the client’s identity. In this situation, the client does not respond to the request, the port remains in the 
unauthorized state, and the client is not granted access to the network.
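The port behavior described above, as an added example that is not part of the Cisco manual: a simplified Python model of the port gate that passes only 802.1x (EAPOL, EtherType 0x888E) frames while the port is unauthorized. The class and function names, the `auth_result` stand-in for the authentication exchange, and the sample frames are assumptions constructed for illustration.

```python
import struct

ETH_P_EAPOL = 0x888E  # EtherType carried by 802.1x (EAPOL) frames
ETH_P_8021Q = 0x8100  # 802.1Q VLAN tag


def ethertype(frame: bytes) -> int:
    """Return the EtherType of an Ethernet II frame, skipping one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (etype,) = struct.unpack_from("!H", frame, 16)
    return etype


class Dot1xPort:
    """Simplified port gate; ingress and egress are treated alike."""

    def __init__(self) -> None:
        self.authorized = False  # the port starts in the unauthorized state

    def auth_result(self, success: bool) -> None:
        # Assumption: stands in for the outcome of the authentication exchange.
        # A client that never answers the identity request never gets here,
        # so the port simply stays unauthorized.
        self.authorized = success

    def permits(self, frame: bytes) -> bool:
        try:
            etype = ethertype(frame)
        except ValueError:
            return False  # malformed frames never pass in this model
        return self.authorized or etype == ETH_P_EAPOL


def make_frame(etype: int, payload: bytes = b"\x00" * 46, vlan=None) -> bytes:
    """Build a constructed sample frame (addresses are made up)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", etype) + payload
```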
The 802.1x protocol supports authentication and full authentication, authorization, and accounting
(AAA) and RADIUS modes with port VLAN ID (PVID) and voice VLAN ID (VVID); and with VLAN
assignment with guest VLAN single and multi-host support on the Cisco 1800 (fixed) Configuration
Series.
Note
These security features are not supported on the switch ports: Security Access Control Lists, IP Access
Control Lists (IP ACLs) for Layer 2 ports, and VLAN ACLs (Virtual ACLs).