Topic 3- Securing switch ports Flashcards
What is PortFast?
- Can be configured on a port
- Speeds up port activation
- No RSTP delay in activating the port
- For ports with end devices only (ports you know cannot create a loop when connected)
What is BPDU Guard?
Bridge Protocol Data Unit Guard
- Disables a PortFast-enabled port if a BPDU is detected on it
- Prevents loop problems if a switch is connected to what should be an end point
How to configure
- Configure interfaces in access mode on specific VLANs
- Set the maximum number of concurrent MAC addresses on a port
ex: switchport port-security violation protect (drops frames from unknown sources)
ex: switchport port-security violation restrict (drops frames from unknown sources and increments violation counter)
ex: switchport port-security violation shutdown (shuts down interface)
What is channel bonding?
Also known as port bonding
Combines up to 8 physical links into one logical link
Protocols: Port Aggregation Protocol (PAgP)
IEEE 802.1d Link aggregation protocol (LACP)
What is an EtherChannel?
It is created on a range of interfaces
(speed, duplex, trunking - must be done on both ends)
Use the channel-group command to create the port-channel interface
Configure trunking on the port-channel interface
How to configure an EtherChannel:
- On a range of interfaces: channel-group 1 mode active
- On the resulting port-channel 1 interface:
  - configure trunk encapsulation
  - configure trunk mode
Channel-group
Command on Ethernet interfaces used to add the specific interfaces to a single EtherChannel. The number after the command is the port-channel ID.
Interface port-channel
Command that creates the bundled interface. Ports can be added to this interface with the channel-group command.
Step by step EtherChannel
int range g0/1-2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
int port-channel 1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,2,3
Do on both switches
sh etherchannel port-channel