IBM 12.1(22)EA6 ユーザーズマニュアル
1-4
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 1 Overview
Features
VLAN Support
•
The switches support 250 port-based VLANs for assigning users to VLANs associated with
appropriate network resources, traffic patterns, and bandwidth
appropriate network resources, traffic patterns, and bandwidth
•
The switch supports up to 4094 VLAN IDs to allow service provider networks to support the number of
VLANs allowed by the IEEE 802.1Q standard
VLANs allowed by the IEEE 802.1Q standard
•
IEEE 802.1Q trunking protocol on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
•
VLAN Membership Policy Server (VMPS) for dynamic VLAN membership
•
VLAN Trunking Protocol (VTP) pruning for reducing network traffic by restricting flooded traffic
to links destined for stations receiving the traffic
to links destined for stations receiving the traffic
•
Dynamic Trunking Protocol (DTP) for negotiating trunking on a link between two devices and for
negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used
negotiating the type of trunking encapsulation (IEEE 802.1Q) to be used
•
VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to
be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or
received. The switch CPU continues to send and receive control protocol frames.
be disabled on any individual VLAN trunk link. With this feature enabled, no user traffic is sent or
received. The switch CPU continues to send and receive control protocol frames.
•
Multiple management interface support allowing multiple interfaces to be assigned to a unique IP
address.
address.
Security
•
Bridge protocol data unit (BPDU) guard for shutting down a Port Fast-configured port when an
invalid configuration occurs
invalid configuration occurs
•
Protected port option for restricting the forwarding of traffic to designated ports on the same switch
•
Password-protected access (read-only and read-write access) to management interfaces (device
manager and CLI) for protection against unauthorized configuration changes
manager and CLI) for protection against unauthorized configuration changes
•
Port security option for limiting and identifying MAC addresses of the stations allowed to access
the port
the port
•
Port security aging to set the aging time for secure addresses on a port
•
Multilevel security for a choice of security level, notification, and resulting actions
•
MAC-based port-level security for restricting the use of a switch port to a specific group of source
addresses and preventing switch access from unauthorized stations
addresses and preventing switch access from unauthorized stations
•
TACACS+, a proprietary feature for managing network security through a TACACS server
•
IEEE 802.1x port-based authentication to prevent unauthorized devices from gaining access to the
network
network
•
IEEE 802.1x accounting to track network usage
•
IEEE 802.1x with wake-on-LAN to allow dormant PCs to be powered on based on the receipt of a
specific Ethernet frame
specific Ethernet frame
•
Standard and extended IP access control lists (ACLs) for defining security policies