Switch Security Flashcards
If the clients are not on the same subnet as the DHCP server, you need to configure a _________ on the router
IP helper address
What is the solution to prevent rogue DHCP servers from being active in your network?
DHCP snooping
How does DHCP snooping work?
By creating trusted ports that are directly connected to the DHCP server and also your inter-switch links leading down to the host
What are the commands to enable DHCP snooping?
SW1 (config) # ip dhcp snooping
SW1 (config) # int f0/1
SW1 (config-if) # ip dhcp snooping trust
What does ARP do?
Address Resolution Protocol. An ARP request is a broadcast message sent by a device on a local network, asking for the MAC address associated with a specific IP address.
What does Dynamic ARP Inspection (DAI) do?
Prevents attackers from spoofing ARP on the network.
For example, PC1, with MAC address 1.1.1, was assigned IP address 10.10.10.10 by the DHCP server. Then, if invalid ARP traffic tries to pass through the switch, for example, attacker 3.3.3 saying that it is 10.10.10.10, the switch can see that that MAC address does not map to that IP address and drop the traffic.
DAI is not done on ______ ports; only enable this for ______ clients
trusted, non-DHCP
When 802.1X is enabled, only ________ traffic is allowed on the switch ports until the _____ and _____ are authenticated
authentication, host, user
Most newer servers use ______ as the authentication server
Identity Services Engine (ISE)