Exploration LAN Switching Chapter2B

  • 7/28/2019 Exploration LAN Switching Chapter2B

    2006 Cisco Systems, Inc. All rights reserved. Cisco Public ITE 1 Chapter 6 47

    How to configure Telnet and SSH on a switch

    Configuring Basic Security on a Switch

    Key switch security attacks:

    MAC address flooding

    Spoofing attacks

    CDP attacks

    Telnet attacks

    How network security tools are used to improve network security

    Configuring port security

    Secure MAC address types:

    Static: using the command switchport port-security mac-address address

    Dynamic

    Sticky:

    Learns dynamically, then stores in running-config

    Lost when switch restarts, but reloaded if config file was saved

    Cisco IOS commands used to disable unused ports

    It is a security violation when any of these occurs:

    The maximum number of secure MAC addresses has been added to the address table, and a station whose MAC address is not in the address table attempts to access the interface.

    An address learned or configured on one secure interface is seen on another secure interface in the same VLAN.
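
    The two violation conditions above and the static/dynamic/sticky address types, modelled in Python as an added example (not part of the original slides and not Cisco code). The class names, the per-port maximum, the port names and the MAC addresses are assumptions constructed for illustration; static addresses are assumed to be in the saved configuration.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    vlan: int
    maximum: int = 1          # assumed limit on secure addresses for this port
    sticky: bool = False
    static: set = field(default_factory=set)   # switchport port-security mac-address <address>
    learned: set = field(default_factory=set)  # dynamic or sticky entries

    def secure(self):
        return self.static | self.learned

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def receive(self, port_name, src_mac):
        """Classify a frame's source MAC: 'forward', 'learned' or 'violation'."""
        port, mac = self.ports[port_name], src_mac.lower()
        # Address already learned or configured on another secure port in the same VLAN.
        for other in self.ports.values():
            if other is not port and other.vlan == port.vlan and mac in other.secure():
                return "violation"
        if mac in port.secure():
            return "forward"
        # Table already holds the maximum and this station is not in it.
        if len(port.secure()) >= port.maximum:
            return "violation"
        port.learned.add(mac)
        return "learned"

    def running_config(self):
        """Secure addresses present in running-config: static and sticky, not dynamic."""
        return {p.name: sorted(p.static | (p.learned if p.sticky else set()))
                for p in self.ports.values()}

    def reload(self, saved=None):
        """Restart: learned entries are lost; sticky ones return only from a saved config."""
        for p in self.ports.values():
            kept = set((saved or {}).get(p.name, ())) - p.static
            p.learned = kept if p.sticky else set()

def demo():
    # Constructed sample: two secure access ports in VLAN 10 with made-up MAC addresses.
    sw = Switch([SecurePort("Fa0/1", 10, maximum=2, sticky=True),
                 SecurePort("Fa0/2", 10, static={"0000.1111.aaaa"})])
    frames = [("Fa0/1", "0000.2222.bbbb"), ("Fa0/1", "0000.3333.cccc"),
              ("Fa0/1", "0000.4444.dddd"), ("Fa0/1", "0000.1111.AAAA")]
    return sw, [sw.receive(p, m) for p, m in frames]
```

    Calling demo() shows the third frame failing the first condition (table full) and the fourth failing the second (address already secured on Fa0/2 in the same VLAN).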

    Cisco IOS commands used to disable unused ports

    It is also recommended to disable all unused ports:

    Use the shutdown command

    Use interface range to configure several ports at once

    Use no shutdown to reactivate a port

    Summary

    LAN Design

    Switch forwarding methods

    Symmetric/Asymmetric switching

    CISCO IOS CLI
