Beruflich Dokumente
Kultur Dokumente
• Rogue network
devices can be:
– Wireless hubs
– Wireless routers
– Access switches
– Hubs
• These devices are
typically connected
at access level
switches.
Switch Attack Categories
Switch#show port-security
Switch#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security
Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Fa5/1 11 11 0 Shutdown
Fa5/5 15 5 0 Restrict
Fa5/11 5 4 0 Protect
---------------------------------------------------------------------------
• Authentication
– Verifies a user identify
• Authorization
– Specifies the permitted tasks for the
user
• Accounting
– Provides billing, auditing, and
monitoring
Authentication Methods
Switch(config)#aaa new-model
• Enables AAA
Switch(config)#aaa authentication dot1x {default} method1
[method2…]
Switch(config-vlan)#private-vlan association
{secondary_vlan_list | add svl | remove svl}
• Configure to protect
against rogue DHCP
servers.
• Configure for dynamic
ARP inspection.
Summary
Root
Before Loop Guard
Root
With Loop Guard
UDLD and Loop Guard Configuration
Commands
Switch(config)#udld enable
Switch(config-if)#udld enable
Switch(config-if)#udld disable
Switch(config)#access-list access-list-number
{permit | deny | remark} source [mask]