to Switched Networks
Presentation_ID
Cisco Confidential
Chapter 2
2.0 Introduction
2.1 Basic Switch Configuration
2.2 Switch Security: Management and Implementation
Chapter 2: Objectives
Upon completion of this chapter, you will be able to:
Explain the advantages and disadvantages of static routing.
Configure initial settings on a Cisco switch.
Duplex Communication
Full-Duplex
Auto-MDIX Feature
Certain cable types (straight-through or crossover) were historically
required when connecting devices.
The automatic medium-dependent interface crossover (auto-MDIX)
feature eliminates this problem.
When auto-MDIX is enabled, the interface automatically detects
and appropriately configures the connection.
When using auto-MDIX on an interface, the interface speed and
duplex must be set to auto.
SSH Operation
Secure Shell (SSH) is a protocol that provides a secure
(encrypted), command-line based connection to a remote device.
SSH is commonly used in UNIX-based systems.
Configuring SSH
Verifying SSH
All frames are now forwarded to all ports, allowing the attacker to
access traffic to other hosts.
DHCP Spoofing
DHCP is a network protocol used to automatically assign IP
information.
Two types of DHCP attacks are:
DHCP spoofing
DHCP starvation
In DHCP spoofing attacks, a fake DHCP server is placed in the
network to issue DHCP addresses to clients.
DHCP starvation is often used before a DHCP spoofing attack to
deny service to the legitimate DHCP server.
Leveraging Telnet
The Telnet protocol is insecure and should be replaced by SSH.
An attacker can use Telnet as part of other attacks:
10 Best Practices
Develop a written security policy for the organization.
Shut down unused services and ports.
Use strong passwords and change them often.
DHCP Snooping
DHCP Snooping specifies which switch ports can respond to
DHCP requests.
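The forwarding decision that DHCP snooping makes can be modelled in a few lines. This is an added example, not part of the original slides: it goes slightly beyond the slide text by also modelling a per-port rate limit on untrusted ports (the usual countermeasure to the DHCP starvation described earlier), and the port names, the limit of 3 packets per second and the sample traffic are constructed assumptions.

```python
from collections import defaultdict

# DHCP message types sent only by servers vs. only by clients (RFC 2131).
SERVER_MSGS = {"OFFER", "ACK", "NAK"}
CLIENT_MSGS = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE", "INFORM"}

class SnoopingSwitch:
    """Toy model of the DHCP snooping decision on a switch (illustrative only)."""

    def __init__(self, trusted_ports, rate_limit_pps):
        self.trusted = set(trusted_ports)   # ports facing the legitimate server
        self.rate_limit = rate_limit_pps    # assumed per-port cap on untrusted ports
        self.seen = defaultdict(int)        # (port, second) -> DHCP packets counted
        self.err_disabled = set()           # ports shut after exceeding the cap

    def handle(self, port, second, msg_type):
        """Return 'forward' or a 'drop:<reason>' verdict for one DHCP packet."""
        if port in self.err_disabled:
            return "drop:port-disabled"
        if port in self.trusted:
            return "forward"
        if msg_type in SERVER_MSGS:         # spoofing: a reply from an access port
            return "drop:server-message-on-untrusted-port"
        if msg_type not in CLIENT_MSGS:
            return "drop:unknown-type"
        self.seen[(port, second)] += 1
        if self.seen[(port, second)] > self.rate_limit:  # starvation-style burst
            self.err_disabled.add(port)
            return "drop:rate-exceeded"
        return "forward"

def run(events, trusted_ports=("Gi0/1",), rate_limit_pps=3):
    """Feed (port, second, msg_type) events through a fresh switch model."""
    sw = SnoopingSwitch(trusted_ports, rate_limit_pps)
    return [sw.handle(*e) for e in events], sw

# Constructed sample traffic: (ingress port, timestamp in seconds, DHCP message type)
SAMPLE = [
    ("Fa0/2", 0, "DISCOVER"),   # normal client
    ("Gi0/1", 0, "OFFER"),      # legitimate server behind the trusted uplink
    ("Fa0/7", 0, "OFFER"),      # unauthorized server on an access port
    ("Fa0/9", 1, "DISCOVER"), ("Fa0/9", 1, "DISCOVER"),
    ("Fa0/9", 1, "DISCOVER"), ("Fa0/9", 1, "DISCOVER"),  # burst above the cap
    ("Fa0/9", 2, "DISCOVER"),   # port is already disabled
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, run(SAMPLE)[0]):
        print(event, "->", verdict)
```

Only the port marked trusted may carry server replies; every other port is limited to client messages, which is why the OFFER arriving on Fa0/7 is dropped while the one on Gi0/1 is forwarded.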
Protect
Restrict
Shutdown
Configuring NTP
Verifying NTP
Chapter 2: Summary
In this chapter, you learned:
Cisco LAN switch boot sequence.
Cisco LAN switch LED modes.