Cisco Systems Korea Cisco Systems, Inc. All rights reserved. 1
- Milton Hudson
- 5 years ago
1 Cisco Systems Korea 2008 Cisco Systems, Inc. All rights reserved. 1
2 (Cisco Integrated Security Features)
- Port Security
- DHCP Snooping
- Dynamic ARP Inspection
- IP Source Guard
- Traffic Storm Control
- CoPP
Cisco TrustSec (CTS)
; Why Cisco
4 [Figure labels: two protocol stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical); POP3, IMAP, IM, SSL, SSH; Protocols/Ports; IP Addresses; Physical Links]
5 2? VLAN? VLAN? VLAN VLAN? VLAN? Layer 2? VLAN Layer 3????
6 [Figure labels: UC (Web 2.0); Peer-to-Peer; Application]
7 CSI Computer Crime & Security * CSI Survey
8 (Cisco Integrated Security Features)
- Port Security
- DHCP Snooping
- Dynamic ARP Inspection
- IP Source Guard
- Traffic Storm Control
9 2MAC - Macof/dsniff - NIC / DHCP - Gobbler - / DHCP ARP - IDC / / ARP flooding - STP
10 MAC = Port Security 00:0e:00:aa:aa:aa 00:0e:00:bb:bb:bb 3 MAC 132,000 Bogus MACs MAC MAC, SNMP NMS
11 DHCP
DHCP Client
- DHCP Discover (Broadcast)
- DHCP Offer (Unicast)
- DHCP Request (Broadcast)
- DHCP Ack (Unicast)
12 DHCP = Port Security
Client DHCP lease MAC MAC DHCP
CatOS
  set port security 5/1 enable
  set port security 5/1 port max 1
  set port security 5/1 violation restrict
  set port security 5/1 age 2
  set port security 5/1 timer-type inactivity
IOS
  switchport port-security
  switchport port-security maximum 1
  switchport port-security violation restrict
  switchport port-security aging time 2
  switchport port-security aging type inactivity
13 / DHCP = DHCP Snooping
[Figure labels: Client; Untrusted; Trusted; DHCP Snooping; DHCP; OK DHCP Responses: offer, ack, nak; BAD DHCP Responses: offer, ack, nak]
DHCP Snooping Binding
show ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
:03:47:B5:9F:AD dhcp-snooping 4 FastEthernet3/18
14 ARP (Man-in-the-middle attack)
[Figure labels: MAC A; MAC B; MAC C; Is Now MAC C; Transmit/Receive Traffic to MAC C]
15 ARP : Dynamic ARP Inspection
[Figure labels: MAC A; MAC B; MAC C; ARP Saying is MAC C; Is this in my Binding Table? NO!; None Matching ARPs in the Bit Bucket]
DHCP Snooping Binding; Dynamic ARP Inspection; ARP IP/MAC Binding; ARP, bit bucket; DHCP Snooping + Dynamic ARP inspection
16 MAC
[Figure labels: MAC A; MAC B; MAC C; Traffic Sent with MAC B Source; Received Traffic Source Address Mac B]
MAC MAC Layer 2,
17 IP
[Figure labels: MAC A; MAC B; MAC C; Traffic Sent with IP Source; Received Traffic Source IP Mac C]
IP IP
18 IP/MAC : IP Source Guard
[Figure labels: MAC A; MAC B; MAC C; Traffic Sent with IP Mac B; Traffic Sent with IP Mac C; Received Traffic Source IP Mac B; Is this in my Binding Table? NO!; Non Matching Traffic Dropped]
DHCP Snooping Binding; IP Source Guard; Dynamic ARP Inspection (DAI); DAI ARP, IP Source Guard; DHCP Snooping; Dynamic ARP inspection; IP Source Guard
19 Traffic Storm Control
Flooding DoS
[Figure labels: Packets Dropped; 0, T1, T2, T3]
Traffic Storm = VLAN flooding
Broadcast, multicast, unicast flooding ) STP,
  ! Storm control
  storm-control broadcast level 1.0
  storm-control multicast level
20 Building the Layers
Port Security
- Port security: MAC flooding DHCP
- DHCP Snooping: / DHCP
- Dynamic ARP Inspection: ARP
- IP source guard: IP/MAC
- Traffic Storm Control: Flooding DoS
21 : CoPP (Control Plane Policing)
22 Control Plane
[Figure labels: Arriving packets; CONTROL PLANE; DATA PLANE; CPU; MGMT; SNMP, Telnet; ICMP; Routing Updates; Logging; ARP; IP Options]
- Routing neighbor - - STP / - HSRP - Logging - ARP - CLI - Switch Hang
23 CoPP
Control Plane Policing (CoPP) : Data Plane Control Plane, Control Plane Control Plane
[Figure labels: CONTROL PLANE; CONTROL PLANE INTERFACE; DATA PLANE; Linecard]
  Switch(config)# control-plane
  Switch(config-cp)# service-policy input <name>
: the control-plane interface QoS (MQC) config DoS
24 Cisco TrustSec
25 Security and Compliance Driving Need for Increased Security with Pervasive Identity
- New and Changing Regulations
- Mobility and Uniformity of Experience
- Consistent Service Delivery
- Customer and Partner Interactions
26 Cisco TrustSec (CTS)
Cisco TrustSec (CTS)? Topology-aware Role-aware
1 Role-aware &
2 Framework
3 Hop-by-hop
27 CTS: SGACL
[Figure labels: Employee; CRM; Partner; Internet; Guest; Process Authorization Rules; Cisco ACS; Verify Identity Credentials and Obtain Additional Attributes; Ingress Tagging; Egress Filtering; Radius / AD; SGACL]
Legend, Link/Port Status: Unauthenticated, Failed Authentication, Authenticated, Shutdown
Security Group Classifications: E Employee Group, C Confidential Group, P Partner Group, U Unrestricted Group, G Guest Group, I Internet Group
28 Cisco TrustSec : Link Layer Encryption
IEEE 802.1ae Hop-by-Hop / Bump-in-the-wire packet inspection (NetFlow, CISF, IDS)
[Figure labels: TrustSec/802.1AE Encrypted; In the Clear; Cipher Data; Decrypt On Ingress Interface; Encrypt On Egress Interface]
29 ; Why Cisco
30 ; Why Cisco
[Figure labels: System Under Attack; Infected Source; Core; Distribution; Access; Cisco TrustSec; Cisco Security Agent; End-To-End QoS; Scavenger Class; RACL/PBACL; Storm Control; IP Source Guard/uRPF; NetFlow; Rate Limiters; CoPP; NAC and IBNS; PACLs; CISF; PISA; FPM & NBAR]
32 Layer 2 Best Practices (1/2)
- (SSH, Out Of Band, permit lists,.)
- trunk VLAN ID
- Be paranoid: VLAN1!
- non trunking (Cisco IPT, Voice + Data VLAN)
- Port-Security
- SNMP community
- ARP (ARP inspection, IDS/IPS,.)
33 Layer 2 Best Practices (2/2)
- STP (BPDU Guard, Root Guard, Loop Guard)
- DHCP (DHCP Snooping, VACLs)
- VTP transparent ; MD5
- CDP enable (IPT,, ), VLAN
Best Practice!!!
34 Matrix for Security Features (1/3)
Feature/Platform: Nexus 7K NXOS, 6500/Catalyst OS, 6500/Cisco IOS, 4500/Cisco IOS
Dynamic Port Security: (1) 12.1(13)E 12.1(13)EW
DHCP Snooping: (1) 12.2(18)SXE 12.1(12c)EW **
DAI: (1) 12.2(18)SXE 12.1(19)EW **
IP Source Guard: (1)* 12.2(18)SXD2 12.1(19)EW **
CoPP: 4.0 N/A 12.2(18)SXD1 12.2(31)SG
* Sup720 ** Sup2+ Supervisor
35 Matrix for Security Features (2/3)
Feature/Platform       3750/3560 EMI  3550 EMI     2960 EI      2950 EI       2950 SI
Dynamic Port Security  12.1(25)SE     12.2(25)SEA  12.1(11)AX   12.0(5.2)WC1  12.0(5.2)WC1
DHCP Snooping          12.1(25)SE     12.2(25)SEA  12.1(19)EA1  12.1(19)EA1   N/A
DAI                    12.2(25)SE     12.2(25)SEA  N/A          N/A           N/A
IP Source Guard        12.2(25)SE     12.2(25)SEA  N/A          N/A           N/A
Note: Old Names of the IOS for the 3000 Series Switches
IOS Feature Finder
36 Matrix for Security Features (3/3)
Feature/Platform       3750/3560 Advanced IP  3550 Advanced IP  3750/3560 IP Base  3550 IP Base
Dynamic Port Security  12.1(25)SE             12.2(25)SEA       12.1(25)SE         12.2(25)SEA
DHCP Snooping          12.1(25)SE             12.1(25)SEA       12.1(25)SE         12.1(25)SEA
DAI                    12.2(25)SE             12.2(25)SEA       12.2(25)SE         12.2(25)SEA
IP Source Guard        12.2(25)SE             12.2(25)SEA       12.1(25)SE         12.2(25)SEA
Note: Name Change of the IOS on the 3000 Series Switches
IOS Feature Finder