The document provides an overview of layer 2 security, discussing topics such as MAC address spoofing attacks, MAC address table overflow attacks, STP manipulation attacks, broadcast storm attacks, and VLAN hopping attacks. It also covers configurations for switch port security including setting port security parameters, violations, aging, and best practices.
The document discusses various methods for attacking network switches, including MAC flooding attacks, MAC spoofing attacks, and attacks against the Spanning Tree Protocol (STP). It describes how MAC flooding can overwhelm a switch's bridging table and cause frames to flood across all ports. It also outlines several countermeasures switches can implement, such as port security, BPDU guard, and root guard, to prevent MAC flooding and spoofing attacks as well as STP attacks.
The document provides an overview of the OSI model, TCP/IP protocols, Cisco IOS modes, router components, cabling, router management, LAN switching concepts, IP addressing, routing protocols, and IPv6 migration methods. It summarizes key topics for the CCNA exam in 10 sentences or less per section.
Securing network switches at the layer 2 level is important to prevent various attacks. The document outlines steps to secure administrative access to switches, protect the management port, turn off unused services and interfaces, and use features like DHCP snooping, dynamic ARP inspection (DAI), port security, and VLANs to mitigate attacks like VLAN hopping, STP manipulation, DHCP spoofing, ARP spoofing, CAM table overflows, and MAC address spoofing. Following configuration best practices and securing switches at layer 2 helps strengthen network security.
This document provides an overview of Cisco router modes, commands, and configuration options. It lists the different router modes including user exec mode, privileged exec mode, global configuration mode, interface configuration mode, and router configuration mode. It also lists many common Cisco router commands used for configuration, troubleshooting, and management. These commands allow configuration and management of interfaces, routing protocols, access control lists, NAT, DHCP, and other router functions. The document provides brief descriptions and examples of using some key commands.
1. Ethernet switches build MAC-address tables through a dynamic learning process to forward frames based on MAC addresses.
2. Switches maintain CAM, TCAM, and ARP tables to perform layer 2 switching functions like address learning, forwarding, and loop avoidance.
3. VLANs create multiple broadcast domains on a switch to control broadcast traffic and improve security and flexibility.
This document provides a CCNA command cheat sheet covering Cisco IOS commands for the CCNA exam. It includes sections summarizing commands for Cisco device configuration, interface configuration, routing protocols, privilege mode commands, and more. The cheat sheet covers both ICND exam parts 1 and 2 and is intended to help review the majority of commands found on the CCNA exam.
The document discusses configuring basic security features on a network switch, including password protection, login banners, and port security to restrict access by MAC address. It describes how to configure port security options like maximum MAC addresses, static vs. dynamic addressing, violation modes, and how to verify the port security configuration using show commands. The goal is to secure the switch ports and prevent common attacks like MAC flooding.
How to create and delete vlan on cisco catalyst switch (IT Tech)
VLANs create logical broadcast domains that span switches, allowing network administrators to group users independently of physical location. The document provides instructions for creating and deleting VLANs on Cisco Catalyst switches through commands like "vlan", "interface range", and "switchport access vlan" to assign ports to VLANs. It also cautions that one should only manipulate VLANs on production switches after learning on test systems to avoid network issues.
This document describes configuring PVST+ spanning tree protocol on a network topology. It involves:
1. Configuring VLANs, trunk ports between switches, and IP addresses for switch management.
2. Optimizing the spanning tree configuration by making one switch the primary root for certain VLANs and another the secondary root to load balance traffic across trunks.
3. Enabling PortFast on end-user ports to quickly forward traffic and BPDU guard to protect against devices connected to those ports influencing the spanning tree.
Hacking Layer 2 - Ethernet Switcher Hacking Countermeasures (Sumutiu Marius)
This document discusses layer 2 security attacks on Ethernet switches and their mitigation. It begins with an overview of layer 2 attacks and caveats. It then discusses specific MAC address attacks like CAM overflow attacks, which can be used to flood a switch's CAM table and cause traffic to flood on a VLAN. The document recommends port security features on switches to mitigate MAC flooding attacks by limiting the number of MAC addresses that can be learned or used on a particular port.
07 module extending switched networks with virtual LANs (Asif)
This document outlines objectives and configuration steps for VLANs, including configuring VLANs and trunking, verifying VLAN connectivity and spanning tree operations. It provides details on VLAN configuration such as creating and modifying VLANs, assigning switch ports to VLANs, and verifying VLAN and trunk configurations. Guidelines are also presented for working with VLAN trunk protocol (VTP) domains and pruning.
This document discusses key concepts of Ethernet and switch configuration. It describes Ethernet frame formats, MAC addresses, switch port settings including auto-negotiation and auto-MDIX. It explains how switches use MAC address tables to forward traffic, providing examples of entries being added to the table. Design considerations for Ethernet like bandwidth and collisions are also covered.
Cisco CCNA Training/Exam Tips that are helpful for your Certification Exam!
To be Cisco Certified please Check out:
http://asmed.com/information-technology-it/
This document provides instructions for CCNP Switch Lab 1. It describes the lab equipment which consists of a switch pod with a multilayer distribution switch, two layer 2 access switches, and cables. Students will each manage their own individual pod. The physical topology is explained and configurations like hostname, passwords, interfaces are demonstrated. Commands used in the lab like 'write erase' and 'delete flash:vlan.dat' are listed. Example outputs of show commands are also provided.
This document discusses Linux serial port programming. It describes:
1. The termios structure which is used to configure port settings like baudrate, bits per character, parity etc.
2. Canonical and non-canonical input processing modes. Canonical mode returns a full line of input while non-canonical returns a fixed number of characters.
3. The VMIN and VTIME parameters which determine read behavior in non-canonical mode, allowing for blocking, non-blocking or timed reads.
4. An example C program that opens a serial port, configures it for raw input, reads a line of input and exits if the first character is 'z'.
Lab view the switch mac address table lab - view the switch (ADDY50)
This document describes a lab to view network device MAC addresses. It provides a topology with two devices: a switch (S1) and PC (PC-A). The objectives are to configure the devices and verify connectivity, then display, describe, and analyze the Ethernet MAC addresses of the devices. The document provides instructions to configure the IP addresses of the devices, verify connectivity through ping tests, and use commands like ipconfig and show interfaces on the devices to view and analyze their MAC addresses, including identifying the organizationally unique identifier (OUI) and serial number portions of each address.
This document provides a cheat sheet of commands for configuring Cisco switches using both IOS and CLI switches. It lists commands for setting the hostname and system name, passwords, remote access, CDP configuration, port descriptions, port speeds, duplex settings, static VLAN configuration, trunk line configuration, VTP configuration, port channel configuration, STP settings, enabling Port Fast and UplinkFast, and recovering router passwords. It also provides contact information for a Cisco networking equipment wholesaler.
Switching: the process of using MAC addresses on a LAN is called Layer 2 switching. Layer 2 switching is the process of using the hardware addresses of devices on a LAN to segment a network. Switching breaks up large collision domains into smaller ones; a collision domain is a network segment with two or more devices sharing the same bandwidth.
This document discusses the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) implemented on four switches separated into different VLANs. STP prevents redundant paths from causing broadcast storms. RSTP converges faster than STP by combining port states. The switches were configured with RSTP and PVST+ separately for each VLAN to prevent loops.
Cisco lab, guide to configure interface stp attributes (IT Tech)
The document discusses configuring various spanning tree protocol (STP) attributes on interfaces, including:
1) BPDUFilter, which prevents sending and receiving BPDUs on an interface to avoid switching loops.
2) Interface cost, which sets the cost statically to influence the root port election process.
3) Link type, which sets the link as point-to-point or shared to influence rapid transitioning.
4) Port priority, which sets the priority as a tiebreaker for electing the root port among equal cost links.
The lab objectives are to demonstrate configuring these features and verifying their effects on the STP topology.
The document provides instructions and examples for configuring various routing protocols like RIP, IGRP, EIGRP, OSPF on Cisco routers and switches. It also includes commands for configuring basic device settings like IP addresses, passwords, VLANs, trunk ports and CDP. Examples are given for initial configurations of Cisco 1900 and 2950 switches.
The document is a sample exam for CCNA certification that contains multiple choice questions about networking concepts. Some of the questions test knowledge of protocols like TCP, UDP, HTTP, SNMP, and protocols used for routing like OSPF, EIGRP, RIP. Other questions cover topics like VLANs, trunking, STP, and IP addressing schemes.
- Four switches were installed with redundant uplinks between access and distribution layers that could be aggregated using Etherchannel to utilize full bandwidth.
- The lab configured Etherchannel bundles between switches using both PAgP and LACP protocols to aggregate ports, and verified they were operational trunks carrying traffic across the logical port-channel interfaces.
- Etherchannel was also configured as a Layer 3 routed port between distribution switches to allow routing over the aggregated link.
Four switches have been installed with redundant uplinks between access and distribution layers. Spanning tree removes redundant links to prevent loops. The document describes configuring Multiple Spanning Tree (MST) on the switches to group VLANs into instances to reduce CPU load from multiple spanning tree calculations. MST is configured by assigning VLANs 20-50 to instance 1 and VLANs 80,100 to instance 2 while the rest remain in the default instance 0. Identical MST configurations must be applied to all switches for proper operation.
The document discusses various switch security concepts and configuration including:
- Defense in depth with multiple layers of security and controlling network access.
- MAC flooding and spoofing attacks and how switches use MAC address tables to forward traffic.
- Port security features like limiting MAC addresses, locking ports based on violations, and aging secure addresses.
- Storm control to limit broadcast traffic and prevent denial of service attacks.
- DHCP snooping to prevent unauthorized DHCP servers and spoofing of client requests.
- Dynamic ARP inspection to validate ARP packets match the DHCP snooping database.
The document discusses security concerns and mitigation strategies for switches in local area networks (LANs). It describes various attacks that switches are vulnerable to, such as password attacks, denial-of-service attacks, CDP attacks, and MAC address flooding. It recommends disabling unused ports, disabling the Cisco Discovery Protocol when not in use, configuring port security, and configuring DHCP snooping to help mitigate these attacks. The document then provides configuration examples for disabling unused ports, the Cisco Discovery Protocol, and configuring port security on interfaces.
CCNA Security 07-Securing the local area network (Ahmed Habib)
This document discusses techniques for securing the local area network layer 2, including mitigating MAC address spoofing, STP manipulation, broadcast storms, and VLAN hopping attacks. It provides examples of how these attacks work and recommends configuration options like port security, BPDU guard, root guard, and controlling trunking to enhance network security. Specific commands are shown to enable these security features on Cisco switches to prevent common layer 2 attacks.
The document summarizes how to configure and manage a Catalyst switch, including:
- Verifying default settings such as the hostname and VLAN configuration
- Configuring IP addresses, passwords, and interfaces
- Viewing and managing the MAC address table
- Configuring static MAC addresses and port security to restrict which devices can connect to ports
- Procedures are provided for tasks like setting port speeds and enabling the web interface
This document discusses how to configure switch security features to mitigate common Layer 2 attacks on a switched LAN. It covers implementing port security to control MAC addresses, securing VLANs by disabling trunking protocols and setting native VLANs, using DHCP snooping to prevent DHCP spoofing, and deploying dynamic ARP inspection to validate ARP packets and prevent ARP spoofing attacks. The document provides detailed configuration examples for these features on Cisco switches to harden switch security and mitigate Layer 2 threats.
Layer 2 devices can be vulnerable to attacks like MAC, VLAN hopping, ARP, Spanning Tree, and DHCP starvation attacks. The document discusses these attack types and methods to mitigate them through configurations like port security, DHCP snooping, root guard, and BPDU guard on switches. CAM table overflow attacks can also allow VLAN hopping by overloading the CAM table. Proper trunk port configuration and disabling unused ports and VLANs helps prevent various Layer 2 attacks.
Port security limits the number of MAC addresses that can be learned on a switch port to prevent MAC address flooding attacks. It can be configured with the switchport port-security command. The lab demonstrates configuring port security on interface Fa0/1 of SW1 to allow a maximum of 3 MAC addresses and shut down the port if that limit is exceeded. Testing validated that the configuration works as expected, shutting down the port after 3 MAC address changes on connected router R1's Fa0/0 interface.
Switches create private collision domains and provide independent bandwidth on each port. Layer 2 switching provides hardware-based bridging using ASICs for wire speed and low latency switching at low cost. Switches learn MAC addresses by examining frames and make forwarding decisions based on layer 2 addresses, without modifying packets. Switches use the Spanning Tree Protocol to prevent network loops from occurring on redundant links while still allowing for redundancy.
This document discusses layer 2 attacks and countermeasures. It begins with an overview of MAC addresses, ARP, and switches. It then covers specific attacks like CAM overflow, DHCP starvation, and ARP spoofing. For each attack, it provides details on how the attack works and recommendations for mitigation techniques. These include configuring port security on switches to limit MAC addresses, using DHCP snooping to protect against rogue DHCP servers, and enabling ARP inspection to validate ARP responses. The document aims to increase understanding of common layer 2 attacks and best practices for layer 2 security.
This document provides an overview of various network security solutions that can be implemented on Cisco edge networks. It begins with a description of common switching security features like port security, DHCP snooping, and dynamic ARP inspection. It then covers private VLANs, protected ports, and various access control lists that can filter traffic. The document also discusses remote management solutions, SSH authentication, SNMPv3, zone-based firewalls, AAA, and best practices. Finally, it provides brief summaries of features related to the ASA firewall, IPS/IDS virtualization, ISE, ACS, and packet capture functionality.
VLANs logically segment networks to limit broadcast domains and improve performance. VLANs use tagging to associate packets with VLAN IDs and allow machines on different physical LAN segments to communicate logically as if on the same segment. Port security features on switches can limit access to ports by blocking unauthorized MAC addresses and alerting network managers of potential security issues.
Switchport port security explained with examples (teameassefa)
This document explains switchport port security features including modes (protect, restrict, shutdown), sticky addresses, maximum hosts, and violations. It provides examples of configuring port security on a switch port to secure access and detect unauthorized devices. Key steps include enabling port security on an interface, setting the maximum hosts, selecting the violation mode, and using sticky learning to automatically secure learned MAC addresses.
This document provides an overview of switching concepts in computer networking, including:
- How switches operate at the data link layer to segment networks and improve performance through dedicated bandwidth on each port.
- Key switch functions like reading MAC addresses to populate the MAC address table and make forwarding decisions.
- VLANs and how they logically segment networks for improved management and security.
- Spanning Tree Protocol which prevents switching loops by blocking certain ports.
- Port aggregation technologies like EtherChannel that bundle multiple physical ports into a single logical port for redundancy and increased bandwidth.
The document discusses several security features of the Nexus 1000v virtual switch:
- It supports features like IGMP snooping, DHCP snooping, Dynamic ARP inspection, IP Source Guard, and ACLs to provide layer 2 security for virtual machines.
- These features work similarly to physical switches, protecting the layer 2 network from unmanaged VMs, but they are configured through the virtual Ethernet module interfaces.
- Dynamic ARP inspection and IP Source Guard rely on entries in the DHCP snooping binding database to validate IP-MAC bindings and filter invalid traffic from untrusted ports.
This document provides instructions for configuring Cisco Catalyst switches. It describes:
- The default configurations of Catalyst 1900 and 2950 switches, including IP address, CDP, port settings, and passwords
- How to configure management settings like IP address, default gateway, and VLANs
- How to view and configure duplex settings, port names, spanning tree settings, and the MAC address table
- How to set static and secure MAC addresses, enable port security, and handle violations
- Procedures for common changes like adding new switches, ports, or MAC addresses
2. Layer 2 Security IPS MARS VPN ACS Iron Port Firewall Web Server Email Server DNS Hosts Perimeter Internet
3.
4.
5. MAC Address Spoofing Attack MAC Address: AABBcc AABBcc 12AbDd Switch Port 1 2 MAC Address: AABBcc Attacker Port 1 Port 2 MAC Address: 12AbDd I have associated Ports 1 and 2 with the MAC addresses of the devices attached. Traffic destined for each device will be forwarded directly. The switch keeps track of the endpoints by maintaining a MAC address table. In MAC spoofing, the attacker poses as another host, in this case AABBcc
6. MAC Address Spoofing Attack MAC Address: AABBcc AABBcc Switch Port 1 2 MAC Address: AABBcc Attacker Port 1 Port 2 I have changed the MAC address on my computer to match the server. The device with MAC address AABBcc has changed locations to Port2. I must adjust my MAC address table accordingly. AABBcc 1 2
7. MAC Address Table Overflow Attack The switch can forward frames between PC1 and PC2 without flooding because the MAC address table contains port-to-MAC-address mappings for these PCs.
8. MAC Address Table Overflow Attack A B C D VLAN 10 VLAN 10 Intruder runs macof to begin sending unknown bogus MAC addresses. 3/25 3/25 MAC X 3/25 MAC Y 3/25 MAC Z XYZ flood Bogus addresses are added to the CAM table. CAM table is full. Host C The switch floods the frames. Attacker sees traffic to servers B and D. VLAN 10 1 2 3 4 MAC Port X 3/25 Y 3/25 C 3/25
9.
10. STP Manipulation Attack Root Bridge Priority = 8192 Root Bridge F F F F F B STP BPDU Priority = 0 STP BPDU Priority = 0 F B F F F F Attacker The attacking host broadcasts out STP configuration and topology change BPDUs. This is an attempt to force spanning tree recalculations.
11. LAN Storm Attack Broadcast, multicast, or unicast packets are flooded on all ports in the same VLAN. These storms can increase the CPU utilization on a switch to 100%, reducing the performance of the network. (Diagram labels: Broadcast, repeated on every link.)
12. Storm Control Total number of broadcast packets or bytes
13.
14. VLAN Attacks 802.1Q 802.1Q Server Attacker sees traffic destined for servers Server Trunk Trunk VLAN 20 VLAN 10 A VLAN hopping attack can be launched in two ways: spoofing DTP messages from the attacking host to cause the switch to enter trunking mode; introducing a rogue switch and turning trunking on.
15. Double-Tagging VLAN Attack
Diagram labels: Victim (VLAN 20); Trunk (Native VLAN = 10); tags 20,10 then 20; 802.1Q, 802.1Q, Frame; 802.1Q, Frame; steps 1 2 3 4.
Attacker on VLAN 10, but puts a 20 tag in the packet.
The first switch strips off the first tag and does not retag it (native traffic is not retagged). It then forwards the packet to switch 2.
The second switch receives the packet on the native VLAN.
Note: This attack works only if the trunk has the same native VLAN as the attacker.
16.
17.
18. Port Security Overview MAC A MAC A Port 0/1 allows MAC A Port 0/2 allows MAC B Port 0/3 allows MAC C Attacker 1 Attacker 2 0/1 0/2 0/3 MAC F Allows an administrator to statically specify MAC addresses for a port or to permit the switch to dynamically learn a limited number of MAC addresses
19.
20.
21.
22. Switchport Port-Security Violation Parameters
Parameter | Description
protect | (Optional) Set the security violation protect mode. When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
restrict | (Optional) Set the security violation restrict mode. When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred.
shutdown | (Optional) Set the security violation shutdown mode. In this mode, a port security violation causes the interface to immediately become error-disabled and turns off the port LED. It also sends an SNMP trap, logs a syslog message, and increments the violation counter. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands.
shutdown vlan | Set the security violation mode to per-VLAN shutdown. In this mode, only the VLAN on which the violation occurred is error-disabled.
23.
24. Switchport Port-Security Aging Parameters
Parameter | Description
static | Enable aging for statically configured secure addresses on this port.
time time | Specify the aging time for this port. The range is 0 to 1440 minutes. If the time is 0, aging is disabled for this port.
type absolute | Set absolute aging type. All the secure addresses on this port age out exactly after the time (minutes) specified and are removed from the secure address list.
type inactivity | Set the inactivity aging type. The secure addresses on this port age out only if there is no data traffic from the secure source address for the specified time period.
25. Typical Configuration (diagram labels: S2, PC B)
Switch(config-if)#
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security aging time 120
26.
27.
28.
29.
30.
31. Configure Portfast (diagram labels: Server, Workstation)
Command | Description
Switch(config-if)# spanning-tree portfast | Enables PortFast on a Layer 2 access port and forces it to enter the forwarding state immediately.
Switch(config-if)# no spanning-tree portfast | Disables PortFast on a Layer 2 access port. PortFast is disabled by default.
Switch(config)# spanning-tree portfast default | Globally enables the PortFast feature on all nontrunking ports.
Switch# show running-config interface type slot/port | Indicates whether PortFast has been configured on a port.
32.
33. Layer 2 Security IPS MARS VPN ACS Iron Port Firewall Web Server Email Server DNS Hosts Perimeter Internet
34.
35.
36. MAC Address Spoofing Attack MAC Address: AABBcc AABBcc 12AbDd Switch Port 1 2 MAC Address: AABBcc Attacker Port 1 Port 2 MAC Address: 12AbDd I have associated Ports 1 and 2 with the MAC addresses of the devices attached. Traffic destined for each device will be forwarded directly. The switch keeps track of the endpoints by maintaining a MAC address table. In MAC spoofing, the attacker poses as another host—in this case, AABBcc
37. MAC Address Spoofing Attack MAC Address: AABBcc AABBcc Switch Port 1 2 MAC Address: AABBcc Attacker Port 1 Port 2 I have changed the MAC address on my computer to match the server. The device with MAC address AABBcc has changed locations to Port2. I must adjust my MAC address table accordingly. AABBcc 1 2
38. MAC Address Table Overflow Attack The switch can forward frames between PC1 and PC2 without flooding because the MAC address table contains port-to-MAC-address mappings for these PCs.
39. MAC Address Table Overflow Attack A B C D VLAN 10 VLAN 10 Intruder runs macof to begin sending unknown bogus MAC addresses. 3/25 3/25 MAC X 3/25 MAC Y 3/25 MAC Z XYZ flood Bogus addresses are added to the CAM table. CAM table is full. Host C The switch floods the frames. Attacker sees traffic to servers B and D. VLAN 10 1 2 3 4 MAC Port X 3/25 Y 3/25 C 3/25
40.
41. STP Manipulation Attack Root Bridge Priority = 8192 Root Bridge F F F F F B STP BPDU Priority = 0 STP BPDU Priority = 0 F B F F F F Attacker The attacking host broadcasts out STP configuration and topology change BPDUs. This is an attempt to force spanning tree recalculations.
46. Double-Tagging VLAN Attack
Diagram labels: Victim (VLAN 20); Trunk (Native VLAN = 10); tags 20,10 then 20; 802.1Q, 802.1Q, Frame; 802.1Q, Frame.
1. Attacker on VLAN 10, but puts a 20 tag in the packet.
2. The first switch strips off the first tag and does not retag it (native traffic is not retagged). It then forwards the packet to switch 2.
3. The second switch receives the packet on the native VLAN.
4. The second switch examines the packet, sees the VLAN 20 tag and forwards it accordingly.
Note: This attack works only if the trunk has the same native VLAN as the attacker.
47.
48.
49. Port Security Overview MAC A MAC A Port 0/1 allows MAC A Port 0/2 allows MAC B Port 0/3 allows MAC C Attacker 1 Attacker 2 0/1 0/2 0/3 MAC F Allows an administrator to statically specify MAC Addresses for a port or to permit the switch to dynamically learn a limited number of MAC addresses
50.
51.
52.
53. Switchport Port-Security Violation Parameters
Parameter | Description
protect | (Optional) Set the security violation protect mode. When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. You are not notified that a security violation has occurred.
restrict | (Optional) Set the security violation restrict mode. When the number of secure MAC addresses reaches the limit allowed on the port, packets with unknown source addresses are dropped until you remove a sufficient number of secure MAC addresses or increase the number of maximum allowable addresses. In this mode, you are notified that a security violation has occurred.
shutdown | (Optional) Set the security violation shutdown mode. In this mode, a port security violation causes the interface to immediately become error-disabled and turns off the port LED. It also sends an SNMP trap, logs a syslog message, and increments the violation counter. When a secure port is in the error-disabled state, you can bring it out of this state by entering the errdisable recovery cause psecure-violation global configuration command, or you can manually re-enable it by entering the shutdown and no shutdown interface configuration commands.
shutdown vlan | Set the security violation mode to per-VLAN shutdown. In this mode, only the VLAN on which the violation occurred is error-disabled.
54.
55. Switchport Port-Security Aging Parameters
Parameter | Description
static | Enable aging for statically configured secure addresses on this port.
time time | Specify the aging time for this port. The range is 0 to 1440 minutes. If the time is 0, aging is disabled for this port.
type absolute | Set absolute aging type. All the secure addresses on this port age out exactly after the time (minutes) specified and are removed from the secure address list.
type inactivity | Set the inactivity aging type. The secure addresses on this port age out only if there is no data traffic from the secure source address for the specified time period.
56. Typical Configuration (diagram labels: S2, PC B)
Switch(config-if)#
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security violation shutdown
switchport port-security mac-address sticky
switchport port-security aging time 120
57.
58.
59.
60.
61.
62. Configure Portfast (diagram labels: Server, Workstation)
Command | Description
Switch(config-if)# spanning-tree portfast | Enables PortFast on a Layer 2 access port and forces it to enter the forwarding state immediately.
Switch(config-if)# no spanning-tree portfast | Disables PortFast on a Layer 2 access port. PortFast is disabled by default.
Switch(config)# spanning-tree portfast default | Globally enables the PortFast feature on all nontrunking ports.
Switch# show running-config interface type slot/port | Indicates whether PortFast has been configured on a port.
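An added example, not part of the original slides: a small Python audit that checks the access-port stanzas of a running-config against the port-security settings in the Typical Configuration and violation-mode slides (feature actually enabled, violation mode that notifies). The sample configuration, interface names and function names are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not taken from the slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
 switchport port-security aging time 120
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation protect
!
interface FastEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)", line)
        if match and not raw.startswith(" "):
            current = interfaces.setdefault(match.group(1), [])
        elif raw.startswith(" ") and current is not None and line:
            current.append(line)  # indented line belongs to the open stanza
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces


def audit_port_security(config):
    """Return {interface: [findings]} for access ports only."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk ports are out of scope for this check
        findings = []
        options = [c for c in cmds if c.startswith("switchport port-security")]
        # The bare command enables the feature; options alone do nothing.
        if "switchport port-security" not in cmds:
            findings.append("port-security options set but feature not enabled"
                            if options else "port security not enabled")
        for cmd in options:
            if cmd.split()[2:4] == ["violation", "protect"]:
                # Per the violation table, protect mode gives no notification.
                findings.append("violation protect: drops are not reported")
        report[name] = findings
    return report


if __name__ == "__main__":
    for interface, findings in audit_port_security(SAMPLE_CONFIG).items():
        print(interface, "->", findings or "OK")
```
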