Configuring a Web Interface:
Switches have web-based config tools that require an onboard HTTP server:
Web browser GUI.
Security Device Manager (SDM).
IP Phone and Telephony apps.
HTTP services are a security hole because authentication is optional.
If many users access HTTP services you may require a separate authentication server.
AAA and TACACS can be used to validate user credentials (the robust option).
A less complex method uses the enable password.
A local authentication method requires the user to use a login username and password specified in the config.
S1(config)#ip http server (turns on the server; on by default)
S1(config)#ip http authentication enable
LAN Design:
The Hierarchical Network Model:
CCNA focuses on networks for SMBs (small, medium businesses).
A hierarchical design model is recommended.
Easier to manage and expand.
Problems are solved more quickly.
Hierarchical design divides the network into 3 layers.
Core (CL).
Distribution (DL).
Access (AL).
Each layer provides specific functions.
This “modularity” facilitates scalability and performance.
Access Layer, (AL): lowest
Interfaces with the end device (user).
Includes routers, switches, bridges, hubs and wireless APs.
Provides a means of connecting devices to the network and controlling which ones communicate on the network.
Configuring port security
A switch without port security allows attackers to connect to unused ports and gather information or attack the network. All ports should be secured before a switch is deployed. Port security limits the number of MAC addresses allowed on a port.
If you limit the number to 1 and assign a single MAC address, only the PC attached is allowed to connect via that port; once that limit is reached, any further MAC address triggers a security violation.
Security on a switch
MAC address flooding or overflow attacks
Switches learn source MAC addresses from incoming frames and record them in the MAC address table.
If a frame enters a switch and the switch does not find the destination MAC address in the table, it acts like a hub and floods the frame out all ports. MAC address tables have a limited size.
MAC address flooding uses this limitation to bombard the switch with bogus source addresses until the table is full. The switch then enters fail-open mode and acts like a hub.
As a result, an attacker can see all of the frames passing through the switch.
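As an added example (not part of the original notes), the IOS configuration that implements the two defences these entries describe: port security with a one-address limit against MAC flooding, and local-user authentication for the HTTP interface instead of the shared enable password. The interface name, the username and the password placeholder are assumptions; the hostname S1 is taken from the notes.

```text
! Port security on one access port (interface name is an assumption)
S1(config)# interface FastEthernet0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 1
! Sticky: learn the first MAC seen and store it in the running config
S1(config-if)# switchport port-security mac-address sticky
! shutdown puts the port in err-disabled state on a violation
! (alternatives: restrict = drop and log, protect = drop silently)
S1(config-if)# switchport port-security violation shutdown
S1(config-if)# exit
! Let an err-disabled port recover on its own after 5 minutes
S1(config)# errdisable recovery cause psecure-violation
S1(config)# errdisable recovery interval 300
! HTTP management: local username/password instead of the enable password,
! served over HTTPS only (username and secret are placeholders)
S1(config)# username admin privilege 15 secret <REPLACE-WITH-STRONG-SECRET>
S1(config)# ip http authentication local
S1(config)# ip http secure-server
S1(config)# no ip http server
S1(config)# end
! Verification: violation count, learned addresses, table occupancy, HTTP state
S1# show port-security interface FastEthernet0/1
S1# show port-security address
S1# show mac address-table count
S1# show ip http server status
```

A rising SecurityViolation count in the first show command, or a MAC table count near its limit in the third, is the symptom of the flooding attack described above.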