Switch Port Protection Flashcards
Port security uses what to restrict access to switch ports?
MAC addresses
What switch feature protects against your network from communicating with a rogue DHCP server
DHCP snooping
A hacker would flood a switch with what in a flood attack?
With unknown MAC addresses to force it to broadcast traffic out of all ports so they can then capture traffic.
What switch feature can prevent MAC flooding?
Flood Guard.
Someone plugs an unknown switch into the network, what issue could happen?
1) it could become the root bridge and break the STP topology
What feature can prevent BPDUs from an unknown switch being received on a port?
BPDU guard
BPDU guard is typically applied to which ports?
Access ports that don’t connect to known switches.
Besides BPDU guard, what other feature helps to protect the STP topology and where would you apply it?
Root Guard. On all ports on the root bridge.
How does Root Guard work?
If the root bridge receives a BPDU with a superior priority number it disables the port connecting to that switch.
You want to increase the bandwidth between two switches, what technique would you use?
Port Channelling/Bonding
You can mix and match port speeds, duplex and VLAN into a single port channel, TRUE or FALSE
FALSE, they all need to be the same
What is PAgP?
Cisco’s proprietary port channel aggregation protocol. It aids in the automatic creation of EtherChannel links
What is the 802.3ad specification?
The vendor-neutral port channel protocol known as LACP (Link Aggregation Control Protocol)
Which switch feature helps prevent man-in-middle attacks and uses the DHCP snooping database of IP addresses to MAC address mappings to verify the MAC address mappings of each frame going through the switch?
Dynamic ARP inspection
