Archive for 18 June 2008

Cisco VLANs: extended & standard ranges 18 June 2008 at 6:26 pm by admin

Bitmindframes Cisco study guides.

VLANs are a very useful tool in an enterprise network: they segment each department's data using a single switch and trunking.

Here we will discuss the basics of VLANs in a Cisco internetwork.

A VLAN is a logically separate IP subnetwork. VLANs allow multiple IP networks and subnets to exist on the same switched network. The figure shows a network with three computers. For computers to communicate on the same VLAN, each must have an IP address and a subnet mask that is consistent for that VLAN. The switch has to be configured with the VLAN, and each port in the VLAN must be assigned to the VLAN. A switch port with a single VLAN configured on it is called an access port.


Configuring switch security for Cisco Catalyst 2950 By admin 18 June 2008 at 5:25 pm


Configuring port security

A switch without port security allows attackers to connect to unused ports and gather information or attack the network. All ports should be secured before a switch is deployed. Port security limits the number of MAC addresses allowed on a port.
If you limit the number to 1 and assign a single MAC address, only the PC with that address is allowed to connect via that port. Once that limit is reached, a frame from any other MAC address triggers a security violation.


Switch security & common attacks By admin 18 June 2008 at 5:13 pm

Security on a switch

MAC address flooding or overflow attacks
Switches learn source MAC addresses from incoming frames and store them in the MAC address table.
If a frame enters a switch and the switch does not find the destination MAC address in the table, it acts like a hub and floods the frame out all ports. MAC address tables have a limited size.
MAC address flooding uses this limitation to bombard the switch with fake addresses until the table is full. The switch then enters fail-open mode and will act like a hub.
As a result, an attacker can see all of the frames passing through the switch.
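
The two behaviours described above (a full MAC address table forcing frames to be flooded, and a per-port MAC limit stopping the table from filling) can be compared in a small model. This is an added example, not code from the original post or from Cisco; the table size, port numbers, addresses and the shut-the-port violation action are assumptions made for illustration.

```python
# Toy model of a learning switch; all sizes and addresses are constructed.
class LearningSwitch:
    def __init__(self, table_size, port_security_max=None):
        self.table_size = table_size                # MAC table capacity
        self.port_security_max = port_security_max  # per-port MAC limit, None = off
        self.table = {}                             # learned MAC -> port
        self.shutdown_ports = set()                 # ports disabled after a violation

    def receive(self, port, src, dst):
        """Handle one frame: returns 'drop', 'violation', 'flood' or 'forward'."""
        if port in self.shutdown_ports:
            return "drop"
        if src not in self.table:
            on_port = sum(1 for p in self.table.values() if p == port)
            if self.port_security_max is not None and on_port >= self.port_security_max:
                self.shutdown_ports.add(port)       # assumed violation action: shut the port
                return "violation"
            if len(self.table) < self.table_size:   # a full table cannot learn (no aging modelled)
                self.table[src] = port
        # Unknown destination: the switch behaves like a hub for this frame.
        return "forward" if dst in self.table else "flood"


HOST_A, HOST_B = "00:aa:00:00:00:01", "00:aa:00:00:00:02"

def simulate(port_security_max):
    """Many source addresses arrive on port 3, then host A (port 1) sends to host B (port 2)."""
    sw = LearningSwitch(table_size=8, port_security_max=port_security_max)
    for i in range(20):
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(2, HOST_B, HOST_A)                   # host B's first frame
    outcome = sw.receive(1, HOST_A, HOST_B)         # is A -> B still unicast?
    return outcome, len(sw.table), sorted(sw.shutdown_ports)


if __name__ == "__main__":
    print("no port security:", simulate(None))
    print("limit of 1 MAC per port:", simulate(1))
```

Without the limit, the table is full before host B is learned, so traffic from A to B is flooded to every port; with a limit of 1, port 3 is shut at the second source address and A to B stays unicast.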
