• Key switch security issues should be identified on a switched
network and proper measures taken to mitigate known attacks. • VLAN trunk links should be secured to defend against VLAN hopping attacks. • DHCP snooping, port security, and dynamic ARP inspection are used to protect the network against spoofing attacks. • When placed into service, switches should be configured according to best practices to secure the switch device and its protocols from attacks that can be launched through a switch. • UDLD and loop guard protect the network from anomalous STP conditions that result from unidirectional links. • Implement AAA services to support port authentication using 802.1x.