CCNP switch slides 18 Flashcards
source
http://www.coursehero.com/flashcards/430748/CCNP-SWITCH-642-813-Campus-Network-Security/
What is VLAN Hopping? How do you fight it?
When a malicious user double-tags a frame with two VLAN IDs to get his traffic onto another VLAN. -Fight it by setting the native VLAN of the trunk to a bogus, or unused, VLAN and pruning the actual network native VLAN off both ends of the trunk. OR you can force the trunk to tag the native VLAN.
Are private VLANs globally or locally significant?
Locally Significant, as VTP doesn’t transmit any private VLAN information.
What is switch spoofing? How do you fight it?
Where a malicious user exploits the autonegotiating nature of DTP to negotiate a trunk port with a switch. -Fight it by assigning every port to a static DTP mode (switchport mode access/trunk).
What is a primary VLAN? What is a secondary VLAN?
-Primary VLANs are logically assigned to normal VLANs. -Secondary VLANs can communicate with primary VLANs, but not with another secondary VLAN.
What type of attack is IP Source Guard designed to protect against?
IP Spoofing.
All secondary VLANs must be associated with one _____?
Primary VLAN.
Access lists that can filter within a VLAN are known as what?
VLAN Access Lists (VACL)
Can port security be enabled globally?
No, it is enabled on a per-port basis.
What ports should be trusted in Dynamic ARP Inspection?
Ports connected to other switches.
How does DHCP snooping work on Cisco devices? What is the default behavior?
Ports can be trusted or untrusted. DHCP replies from untrusted ports will be discarded, and that port will be placed in the errdisabled state. -Default behavior is that all ports are UNtrusted.
How does IP source guard work?
It checks the DHCP Snooping table to build a custom ACL for the port to filter rogue IPs, and it uses port security to filter out rogue MACs from those IPs.
What two features must be enabled to get the most out of IP Source Guard?
DHCP snooping and port security.
What type of server is needed for Port-Based Authentication?
A RADIUS server.
What is 802.1x used for?
Port-based authentication.