© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v Module Summary Key switch security issues should be identified on a switched network and proper measures taken to mitigate known attacks. VLAN trunk links should be secured to defend against VLAN hopping attacks. DHCP snooping, port security, and dynamic ARP inspection are used to protect the network against spoofing attacks. When placed into service, switches should be configured according to best practices to secure the switch device and its protocols from attacks that can be launched through a switch. UDLD and loop guard protect the network from anomalous STP conditions that result from unidirectional links. Implement AAA services to support port authentication using 802.1x.
© 2006 Cisco Systems, Inc. All rights reserved. BCMSN v3.08-2