| 8.1 Understanding Switch Security Issues |
|---|
| 8.1.1 Overview of Switch Security Concerns |
| 8.1.2 Describing Unauthorized Access by Rogue Devices |
| 8.1.3 Switch Attack Categories |
| 8.1.4 Describing a MAC Flooding Attack |
| 8.1.5 Describing Port Security |
| 8.1.6 Configuring Port Security on a Switch |
| 8.1.7 Port Security with Sticky MAC Addresses |
| 8.1.8 Authentication, Authorization, and Accounting |
| 8.1.9 Authentication Methods |
| 8.1.10 802.1x Port-Based Authentication |
| 8.2 Protecting Against VLAN Attacks |
|---|
| 8.2.1 Explaining VLAN Hopping |
| 8.2.2 Mitigating VLAN Hopping |
| 8.2.3 VLAN Access Control Lists |
| 8.2.4 Configuring VACLs |
| 8.2.5 Private VLANs and Protected Ports |
| 8.2.6 Configuring PVLANs |
| 8.3 Protecting Against Spoof Attacks |
|---|
| 8.3.1 Describing a DHCP Spoof Attack |
| 8.3.2 Describing DHCP Snooping |
| 8.3.3 Configuring DHCP Snooping |
| 8.3.4 Describing ARP Spoofing |
| 8.3.5 Dynamic ARP Inspection |
| 8.3.6 Configuring Dynamic ARP Inspection |
| 8.3.7 Protecting Against ARP Spoofing Attacks |
| 8.4 STP Security Mechanisms |
|---|
| 8.4.1 Protecting the Operation of STP |
| 8.4.2 Configuring BPDU Guard |
| 8.4.3 Configuring BPDU Filtering |
| 8.4.4 Root Guard |
| 8.4.5 Configuring Root Guard |
| 8.5 Preventing STP Forwarding Loops |
|---|
| 8.5.1 Unidirectional Link Detection |
| 8.5.2 Loop Guard |
| 8.5.3 Configuring UDLD and Loop Guard |
| 8.5.4 Preventing STP Failures Due to Unidirectional Links |
| 8.6 Securing Network Switches |
|---|
| 8.6.1 Describing Vulnerabilities in CDP |
| 8.6.2 Telnet Protocol Vulnerabilities |
| 8.6.3 Configuring the Secure Shell Protocol |
| 8.6.4 vty ACLs |
| 8.6.5 Applying ACLs to vty Lines |
| 8.6.6 Best Practices for Switch Security |
| 8.7 Switch Security Lab Exercises |
|---|
| 8.7.1 Lab 8-1 Securing the Layer 2 Switching Devices |
| 8.7.2 Lab 8-2 Securing Spanning Tree Protocol |
| 8.7.3 Lab 8-3 Securing VLANs with Private VLANs, RACLs, and VACLs |