Chapter 17. Securing Switch Access


This chapter covers the following topics that you need to master for the CCNP BCMSN exam:

  • Switch Authentication, Authorization, and Accounting (AAA): This section discusses methods that you can use to control users' access to switch management.

  • Port Security Using MAC Addresses: This section explains how to configure switch ports to allow network access only to hosts with specific or learned MAC addresses.

  • Port-Based Security Using IEEE 802.1x: This section discusses a method you can use to require user authentication before network access is offered to a client host.

  • Mitigating Spoofing Attacks: This section covers two types of attacks in which a malicious user generates spoofed information to become a man-in-the-middle. When an attacker is wedged between other hosts and a router or gateway, for example, he can examine and exploit all traffic. DHCP snooping and dynamic ARP inspection are two features that can be used to prevent these attacks.

  • Best Practices for Securing Switches: This section provides several guidelines for tightening control over Catalyst switches and the protocols they use for switch communication and maintenance.

Traditionally, users have been able to connect a PC to a switched network and gain immediate access to enterprise resources. As networks grow and as more confidential data or restricted resources become available, it is important to limit the access that users receive.

Catalyst switches have a variety of methods that can secure or control user access. Users can be authenticated as they connect to or through a switch, and can be authorized to perform certain actions on a switch. User access can be recorded as switch accounting information. Access to a physical switch port can also be controlled based on the user's MAC address or authentication.

In addition, Catalyst switches can detect and prevent certain types of attacks. Several features can be used to validate information passing through a switch so that spoofed addresses can't be used to compromise hosts.



CCNP Self-Study: CCNP BCMSN Exam Certification Guide
Year: 2003