Switch Access Layer Security Flashcards


Flashcards in Switch Access Layer Security Deck (7)
1
Q

What is DHCP Snooping?

A

Switch security feature that drops DHCP server responses if they do not come in on a trusted port.

Config won’t be tested but it is enabled by:
SW1(config)# ip dhcp snooping
SW1(config)# ip dhcp snooping vlan 10
SW1(config)# interface fast 0/24
SW1(config-if)# ip dhcp snooping trust

2
Q

What is Dynamic ARP Inspection?

A

Switch watches DHCP traffic and keeps track of which IPs were assigned to which MAC addresses. Invalid ARP traffic is then dropped.

*Requires DHCP snooping to be enabled on the switch.

Config won’t be tested but it is enabled by:
SW1(config)# ip arp inspection vlan 10
SW1(config)# interface fast 0/24
SW1(config-if)# ip arp inspection trust <- must trust ports that don't have DHCP clients on them.

3
Q

What is 802.1X?

A

A form of Port Authentication.

Must be configured on the end device and on the access switch. When first plugged in, the end device can only communicate with the external authentication server.

4
Q

What are the 3 options for port security?

A
  1. Protect - Port is not shut down - offending traffic is dropped
  2. Restrict - Port is not shut down - offending traffic is dropped - logs are written
  3. Shutdown - Port is shut down

5
Q

Command to view port security settings on a port

A

SW1# show port-security interface f0/1

6
Q

Command to automatically restore a port disabled by port security?

A

SW1(config)# errdisable recovery cause psecure-violation
SW1(config)# errdisable recovery interval 600

7
Q

Command to show MAC addresses learned via port security?

A

SW1# show port-security address