Cisco Switch Security: MAC Address Spoofing, Table Overflows, and VLAN Attacks Mitigation, Lecture notes of Computer Networks

Information on various security threats to Cisco LAN switches, including MAC address spoofing, MAC address table overflows, STP manipulation, LAN storms, and VLAN attacks. It also outlines mitigation techniques such as configuring port security and enabling PortFast, Root Guard, and BPDU Guard to prevent these attacks.

Typology: Lecture notes

2017/2018

Uploaded on 04/14/2018

erno-rigo

© 2012 Cisco and/or its affiliates. All rights reserved.

  • A switch makes its forwarding decision based on the ingress port and the destination port.
  • A LAN switch keeps a table that it uses to determine how to forward traffic through the switch.
  • Cisco LAN switches forward Ethernet frames based on the destination MAC address of the frames.
  • A VLAN is a logical partition of a Layer 2 network.
  • Multiple partitions can be created, allowing for multiple VLANs to co-exist.
  • Each VLAN is a broadcast domain, usually with its own IP network.
  • VLANs are mutually isolated and packets can only pass between them via a router.
  • The partitioning of the Layer 2 network takes place inside a Layer 2 device, usually a switch.
  • The hosts grouped within a VLAN are unaware of the VLAN’s existence.
  • VLAN types: Data VLAN, Default VLAN, Native VLAN, Management VLAN
  • VLANs can be used to limit the reach of broadcast frames.
  • A VLAN is a broadcast domain of its own.
  • A broadcast frame sent by a device in a specific VLAN is forwarded within that VLAN only.
  • VLANs help control the reach of broadcast frames and their impact in the network.
  • Unicast and multicast frames are forwarded within the originating VLAN.
  • Frames that belong to the native VLAN are not tagged.
  • Frames received untagged remain untagged and are placed in the native VLAN when forwarded.
  • If there are no ports associated with the native VLAN and no other trunk links, an untagged frame is dropped.
  • In Cisco switches, the native VLAN is VLAN 1, by default.
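The native-VLAN rules above, worked through as an added example that is not part of the original lecture notes: a small Python model of a switch that classifies an ingress frame from its 802.1Q tag (untagged frames land in the receiving trunk's native VLAN), then decides which ports forward it and whether it leaves tagged, dropping it when the native VLAN has no members and no other trunk exists. The port names, VLAN numbers and frames are constructed for the example; the switch model is a simplification, not Cisco's implementation.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q-tagged frame


@dataclass
class Switch:
    access: dict  # access port -> VLAN id (constructed example topology)
    trunks: dict  # trunk port  -> native VLAN id for that trunk


def parse_vlan(frame: bytes, native_vlan: int):
    """Classify an ingress frame on a trunk: tagged frames carry their VLAN id in
    the low 12 bits of the TCI, untagged frames belong to the native VLAN."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, True
    return native_vlan, False


def forward(sw: Switch, in_port: str, frame: bytes):
    """Flood a broadcast frame within its VLAN. Returns {egress_port: tagged};
    an empty dict means the switch dropped the frame."""
    if in_port in sw.access:
        vid = sw.access[in_port]  # access ports classify by port, not by tag
    else:
        vid, _ = parse_vlan(frame, sw.trunks[in_port])
    out = {}
    for port, pvid in sw.access.items():
        if port != in_port and pvid == vid:
            out[port] = False  # access ports always send untagged
    for port, native in sw.trunks.items():
        if port != in_port:
            out[port] = vid != native  # native-VLAN frames leave untagged
    return out


def make_frame(vid=None):
    """Constructed broadcast frame; vid=None builds an untagged frame."""
    hdr = b"\xff" * 6 + bytes.fromhex("001122334455")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + tag + struct.pack("!H", 0x0800) + b"\x00" * 46
```

Because untagged frames are placed in the native VLAN, a trunk whose native VLAN is the default VLAN 1 carries untagged management-side traffic, which is why hardening guidance moves the native VLAN to an otherwise unused VLAN.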