Vlan Features; Security Features - Cisco Catalyst 2360 Software Configuration Manual

Chapter 1 Overview
•
•

VLAN Features

•
•
•
•
•
•

Security Features

•
•
•
•
•
•
•
•
OL-19808-01
802.1s Multiple Spanning Tree Protocol (MSTP) for grouping VLANs into a spanning-tree instance
and to provide multiple forwarding paths for data traffic and load-balancing and rapid per-VLAN
Spanning-Tree plus (rapid-PVST+)
Optional spanning-tree features available in PVST+, rapid-PVST+, and MSTP mode:
– Port Fast to eliminate the forwarding delay by enabling a port to immediately change from the
blocking state to the forwarding state
BPDU guard to shut down Port Fast-enabled ports that receive bridge protocol data units
–
(BPDUs)
BPDU filtering to prevent a Port Fast-enabled port from sending or receiving BPDUs
–
Root guard to prevent switches outside the network core from becoming the spanning-tree root
–
Loop guard to prevent alternate or root ports from becoming designated ports because of a
–
failure that leads to a unidirectional link
Support for up to 64 VLANs for assigning users to VLANs associated with resources, traffic
patterns, and bandwidth
Support for VLAN IDs in the 1 to 4094 range
802.1Q trunking encapsulation on all ports for network moves, adds, and changes; management and
control of broadcast and multicast traffic; and network security by establishing VLAN groups for
high-security users and network resources
Dynamic Trunking Protocol (DTP) to negotiate trunking on a link between two devices and to
negotiate the type of trunking encapsulation (802.1Q) to be used
VLAN Trunking Protocol (VTP) and VTP pruning to reduce network traffic by restricting flooded
traffic to links for stations receiving the traffic
VLAN 1 minimization to reduce the risk of spanning-tree loops or storms by allowing VLAN 1 to
be disabled on any individual VLAN trunk link. When enabled, no user traffic is sent or received on
the trunk. The switch CPU contiinues to send and receive control protocol frames.
Password-protected access (read-only and read-write access) to management interfaces (device
manager, and the CLI) to protect against unauthorized configuration changes
Multilevel security for a choice of security level, notification, and resulting actions
Static MAC addressing to ensure security
BPDU guard to shut down a Port Fast-configured port when an invalid configuration occurs
Extended MAC access control lists to define security policies in the inbound direction on Layer 2
interfaces
MAC authentication bypass to authorize clients based on the client MAC address
TACACS+ to manage network security through a TACACS server
RADIUS for verifying the identity of, granting access to, and tracking the actions of remote users
through AAA services
Catalyst 2360 Switch Software Configuration Guide
Features
1-5