Things You Need to Know about Mitigating VLAN Attacks
VLAN Hopping
Unused Ports:
- Shut down all unused ports
- Configure all unused ports to access mode
- Configure the access VLAN on all unused ports to an unused VLAN
- Configure the native trunk VLAN on all unused ports to an unused VLAN
Trunk Ports:
- Configure trunk ports with trunk mode on and disable trunk negotiation (DTP)
- Configure the native trunk VLAN on trunk ports to an unused VLAN
- Configure the allowed VLANs on the trunk ports, and do not allow the native VLAN
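To check a switch against the unused-port and trunk-port items above, here is an added Python example (not code from the original page) that parses an IOS-style running-config and reports which checklist items each interface violates; the sample config, the parking VLAN 999 and the set of unused ports are constructed assumptions.

```python
# Constructed sample running-config (not from a real switch): fa0/1 is an unused port left
# at defaults, gi0/1 a hardened trunk, gi0/2 a trunk that negotiates and allows native VLAN 1.
SAMPLE_CONFIG = """
interface FastEthernet0/1
 switchport mode dynamic auto
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10-20
"""
UNUSED_VLAN = 999                    # assumed parking VLAN that carries no real traffic
UNUSED_PORTS = {"FastEthernet0/1"}   # assumed: which ports are unused comes from the port inventory
def parse_interfaces(config):  # -> {interface name: [sub-commands]} from IOS-style text
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks[line.split(None, 1)[1]] = []
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
    return blocks

def expand_vlans(spec):  # IOS VLAN list such as '1,10-20' -> set of VLAN ids
    parts = [p.partition("-") for p in spec.split(",")]
    return {v for lo, _, hi in parts for v in range(int(lo), int(hi or lo) + 1)}

def setting(cmds, prefix, default):  # last argument of the last command starting with prefix
    vals = [c.split()[-1] for c in cmds if c.startswith(prefix)]
    return vals[-1] if vals else default

def audit(config):  # -> {port: [violated checklist items]}; an empty list means the port is clean
    report = {}
    for name, cmds in parse_interfaces(config).items():
        native = int(setting(cmds, "switchport trunk native vlan", "1"))   # IOS default is VLAN 1
        checks = [(f"native VLAN {native} is not the unused VLAN", native != UNUSED_VLAN)]
        if "switchport mode trunk" in cmds:                               # trunk port rules
            allowed = setting(cmds, "switchport trunk allowed vlan", "1-4094")  # default: all VLANs
            checks += [("DTP negotiation still enabled", "switchport nonegotiate" not in cmds),
                       ("native VLAN allowed on the trunk", native in expand_vlans(allowed))]
        elif name in UNUSED_PORTS:                                        # unused port rules
            access = int(setting(cmds, "switchport access vlan", "1"))
            checks += [("not shut down", "shutdown" not in cmds),
                       ("not in access mode", "switchport mode access" not in cmds),
                       ("access VLAN is not the unused VLAN", access != UNUSED_VLAN)]
        report[name] = [msg for msg, failed in checks if failed]
    return report
```

Run `audit(SAMPLE_CONFIG)` to get the per-port findings; the hardened trunk comes back with an empty list, the other two ports list every item they miss.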
VLAN Access Control Lists
- Switch(config)# access-list 100 permit ip 10.1.1.0 0.0.0.255 any
- Switch(config)# mac access-list extended BACKUP_SERVER
- Switch(config-ext-macl)# permit any host 0000.1111.2222
- Switch(config)# vlan access-map TEST 10
- Switch(config-access-map)# match ip address 100
- Switch(config-access-map)# action drop
- Switch(config)# vlan access-map TEST 20
- Switch(config-access-map)# match mac address BACKUP_SERVER
- Switch(config-access-map)# action drop
- Switch(config)# vlan access-map TEST 30
- Switch(config-access-map)# action forward
- Switch(config)# vlan filter TEST vlan-list 10,20
Sequence 10 drops IP traffic from 10.1.1.0/24, sequence 20 drops frames matched by the BACKUP_SERVER MAC ACL, and sequence 30 forwards everything else; the filter is applied to VLANs 10 and 20.
Things You Need to Know about Authentication and Authorization Methods
- Authentication – verifies the identity of a user
- Authorization – specifies which tasks a user is permitted to perform
- Accounting – provides billing, auditing and monitoring
AAA Network Configuration
- Switch(config)# username admin password Cisco
- Switch(config)# aaa new-model
- Switch(config)# radius-server host 10.1.1.50 auth-port 1812 key xyz123
- Switch(config)# aaa authentication login default group radius local
Configuring User AAA Authentication
- Switch(config)# aaa authentication login NO_AUTH none
- Switch(config)# line vty 0 15
- Switch(config-line)# login authentication default
- Switch(config-line)# password San-Fran
- Switch(config)# line console 0
- Switch(config-line)# login authentication NO_AUTH
802.1X Port-Based Authentication
- Switch(config)# aaa new-model
- Switch(config)# radius-server host 10.1.1.50 auth-port 1812 key xyz123
- Switch(config)# aaa authentication dot1x default group radius
- Switch(config)# dot1x system-auth-control
- Switch(config)# interface fa0/1
- Switch(config-if)# switchport mode access
- Switch(config-if)# dot1x port-control auto