6.1 Switch Security

Switch ACLs

1. Port ACLs: These can only be applied on physical L2 interfaces on a switch (not on EtherChannels). They can only be applied in the inbound direction. A port ACL can be either a Standard ACL, an Extended ACL or an Extended MAC ACL. Only one standard or extended ACL and …

802.1x

1. Device Roles: Client – aka “The Supplicant” – the client device that connects to the network. It must run 802.1x-compliant software. Authentication Server – performs the actual authentication based on the client credentials. Switch – aka “The Authenticator” – acts as a proxy between the Client and …

DHCP Snooping and DAI

1. DHCP Snooping: DHCP snooping can prevent unauthorized DHCP servers from replying to DHCP requests. A switch can define interfaces as trusted or untrusted. A trusted interface is where a DHCP server should be connected. On such interfaces, DHCP server messages are allowed. On all other untrusted ports, DHCP server …

Switchport Port Security

Port Security restricts the number of stations that are allowed to access a switch port. 1. Define allowed hosts: Each time a host attempts to send a frame, the source MAC address is added to the list of secure MACs. This list of secure MAC addresses has a limited size, …

Switchport Traffic Control

1. Storm Control: The Storm Control feature will disable the interface as soon as a specific threshold is passed. The threshold is measured every 1 second. The threshold can represent the amount of broadcast, multicast or unicast traffic and it can be configured with: All traffic on the interface will be …