CCNP Exam Prep Tips and Must Knows about Switch Security

Things You Need to Know About Switch Security

Modularizing Internal Security

• Use switch port security at the building access layer
• Use access lists at the building distribution layer
• Do not implement packet manipulation at the campus core layer
• Use host and network based IPS, private VLANs, ACLs, and secure passwords in the Server Farm

Switch Attack Categories
MAC address-based attacks

• MAC address flooding

VLAN attacks

• VLAN hopping

Spoofing attacks

• Spoofing DHCP, ARP and MAC addressing

Attacks on switch devices

• Cisco Discovery Protocol (CDP)
• Management protocols

Port Security

• Limits MAC flooding attacks and locks down the port
• Sets an SNMP trap
• Allowed frames are forwarded
• New MAC addresses over limit are not allowed
• Switch responds to non-allowed framed

Port Security Configuration

• Switch(config)# interface fa0/2
• Switch(config-if)# switchport mode access
• Switch(config-if)# switchport access VLAN 2
• Switch(config-if)# switchport port-security
• Switch(config-if)# switchport port-security maximum 2
• Switch(config-if)# switchport port-security mac-address 0000.1111.222
• Switch(config-if)# switchport port-security mac-address sticky
• Switch(config-if)# switchport port-security violate shut down
• Switch(config-if)# switchport port-security aging time 60
• Switch(config-if)# switchport port-security aging type inactivity

CCNP Exam Prep Tips and Must Knows Series

• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows
• CCNP Exam Prep Tips and Must Knows about Switch Security
• CCNP Exam Prep Tips and Must Knows