1-5
Catalyst 2360 Switch Software Configuration Guide
OL-19808-01
Chapter 1 Overview
Features
•
802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree instance
and to provide multiple forwarding paths for data traffic and load-balancing and rapid per-VLAN
Spanning-Tree plus (rapid-PVST+)
•
Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP mode:
–
Port Fast to eliminate the forwarding delay by enabling a port to immediately change from the
blocking state to the forwarding state
–
BPDU guard to shut down Port Fast-enabled ports that receive bridge protocol data units
(BPDUs)
–
BPDU filtering to prevent a Port Fast-enabled port from sending or receiving BPDUs
–
Root guard to prevent switches outside the network core from becoming the spanning-tree root
–
Loop guard to prevent alternate or root ports from becoming designated ports because of a
failure that leads to a unidirectional link
VLAN Features
•
Support for up to 64 VLANs for assigning users to VLANs associated with resources, traffic
patterns, and bandwidth
•
Support for VLAN IDs in the 1 to 4094 range
•
802.1Q trunking encapsulation on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
•
Dynamic Trunking Protocol (DTP) to negotiate trunking on a link between two devices and to
negotiate the type of trunking encapsulation (802.1Q) to be used
•
VLAN Trunking Protocol (VTP) and VTP pruning to reduce network traffic by restricting flooded
traffic to links for stations receiving the traffic
•
VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to
be disabled on any individual VLAN trunk link. When enabled, no user traffic is sent or received on
the trunk. The switch CPU contiinues to send and receive control protocol frames.
Security Features
•
Password-protected access (read-only and read-write access) to management interfaces (device
manager, and the CLI) to protect against unauthorized configuration changes
•
Multilevel security for a choice of security level, notification, and resulting actions
•
Static MAC addressing to ensure security
•
BPDU guard to shut down a Port Fast-configured port when an invalid configuration occurs
•
Extended MAC access control lists to define security policies in the inbound direction on Layer 2
interfaces
•
MAC authentication bypass to authorize clients based on the client MAC address
•
to manage network security through a TACACS server
•
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through AAA services