
Configuration details for access switches (Cisco)

1. Secure MAC addresses with port security (mitigates MAC spoofing attacks)

Applied on each access interface:
description XXX
switchport mode access
spanning-tree portfast
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky

Note: "violation restrict" drops frames from unknown MAC addresses and counts the violation but keeps the port up ("shutdown" would err-disable it instead); sticky addresses survive a reload only after the configuration is saved.

2. Spanning-tree
2.1 PortFast
Enable PortFast by default on all access ports:
(global) spanning-tree portfast default
2.2 Rapid STP
(global) spanning-tree mode rapid-pvst

3. Protecting the network from spoofing attacks (DHCP, ARP)

3.1 Secure the DHCP source (DHCP snooping)

(global) ip dhcp snooping
(global) ip dhcp snooping information option
(interface) ip dhcp snooping trust   (only on the uplink toward the legitimate DHCP server; access ports stay untrusted)
(global) ip dhcp snooping vlan vlan_id

3.2 Dynamic ARP Inspection

DAI checks ARP packets arriving on untrusted interfaces against the DHCP snooping binding table, so 3.1 must be enabled on the same VLANs.
(global) ip arp inspection vlan vlan_id
(interface) ip arp inspection trust
Optional extra validation of packets on untrusted interfaces (the command is global and needs at least one keyword):
(global) ip arp inspection validate src-mac dst-mac ip

4. Access restriction using an ACL

line con 0
 exec-timeout 6 0
 password 7 15315A1F077A
 login
 transport input none
line 1 8
 speed 115200
line aux 0
line vty 0 4
 access-class 90 in
 password 7 0817627E3D4A35362B
 login
 transport input ssh

Note: access-list 90 (defined globally, not shown here) should permit only the management hosts. Use "transport input telnet ssh" only if Telnet must remain; item 8 below recommends SSH. Type 7 passwords are reversible obfuscation, not hashes.
5. Turn off CDP if possible
6. Secure STP
7. Double-check trunk links
8. Use a secure access protocol such as SSHv2
9. Use syslog
10. Avoid using VLAN 1 for management purposes
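The checklist above can be turned into an automated compliance check. The following Python script is an added example, not part of the original page or of any Cisco tool: it parses a constructed IOS-style running-config (the sample config is made up for this example) and reports which checklist items are not met, tagged with the item numbers used above. It assumes the input is `show running-config` text; item 10 is judged by whether `interface Vlan1` carries an IP address, item 8 by whether the vty `transport input` admits Telnet, and items 2.1, 3.2 and 4 by the presence of the global or per-section commands shown in the sections above.

```python
# Constructed sample running-config (not from a real device); it deliberately
# leaves port-security off one access port and keeps Telnet on the vty lines.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10,20
ip arp inspection validate src-mac dst-mac ip
spanning-tree mode rapid-pvst
spanning-tree portfast default
no cdp run
access-list 90 permit 10.1.1.0 0.0.0.255
interface Vlan1
 shutdown
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 spanning-tree portfast
interface GigabitEthernet0/2
 description user port, port-security forgotten
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/24
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
line vty 0 4
 access-class 90 in
 login
 transport input telnet ssh
"""

def parse_config(text):
    """Split an IOS-style config into top-level commands and the indented
    sub-commands of each 'interface ...' / 'line ...' section."""
    top, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                       # blank line or IOS comment
        if raw[0] in " \t":                # indented: belongs to the open section
            if current is not None:
                sections[current].append(raw.strip())
            continue
        line = raw.strip()
        if line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = None
            top.append(line)
    return top, sections

def vlan_set(top, prefix):
    """Collect VLAN ids from lines such as '<prefix> 10,20-22' into a set of ints."""
    vlans = set()
    for line in top:
        if line.startswith(prefix + " "):
            for part in line[len(prefix) + 1:].split(","):
                lo, _, hi = part.partition("-")
                vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(text):
    """Return a list of findings tagged with the checklist item numbers;
    an empty list means every check passed."""
    top, sections = parse_config(text)
    findings = []
    if "ip dhcp snooping" not in top:
        findings.append("global: DHCP snooping is not enabled (3.1)")
    if "spanning-tree mode rapid-pvst" not in top:
        findings.append("global: Rapid PVST+ is not enabled (2.2)")
    if "no cdp run" not in top:
        findings.append("global: CDP is still running (5)")
    # DAI relies on the DHCP snooping binding table, so every snooped VLAN should be inspected too.
    for v in sorted(vlan_set(top, "ip dhcp snooping vlan") - vlan_set(top, "ip arp inspection vlan")):
        findings.append(f"global: VLAN {v} has DHCP snooping but no Dynamic ARP Inspection (3.2)")
    portfast_default = "spanning-tree portfast default" in top
    for name, cmds in sections.items():
        if name == "interface Vlan1" and any(c.startswith("ip address ") for c in cmds):
            findings.append(f"{name}: management address configured on VLAN 1 (10)")
        if name.startswith("interface ") and "switchport mode access" in cmds:
            if "switchport port-security" not in cmds:
                findings.append(f"{name}: access port without port-security (1)")
            if "spanning-tree portfast" not in cmds and not portfast_default:
                findings.append(f"{name}: access port without PortFast (2.1)")
        if name.startswith("line vty"):
            if not any(c.startswith("access-class ") and c.endswith(" in") for c in cmds):
                findings.append(f"{name}: no inbound access-class limiting management sources (4)")
            # 'transport input all' also admits Telnet, so flag both spellings.
            if any(c.startswith("transport input ") and ("telnet" in c.split() or "all" in c.split()) for c in cmds):
                findings.append(f"{name}: Telnet accepted for management access, use SSH only (8)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the sample it reports the missing port-security on GigabitEthernet0/2 and the Telnet-capable vty lines; feeding it the output of `show running-config` from a real switch exercises the same checks. The parser deliberately keys sections only on `interface` and `line` headers, which is enough for the items on this checklist.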
