Switches are fantastic devices, allowing you to create VLANs and trunks and offering fast and somewhat private communication. However, the basic nature of switch operation, together with trunk links, VLAN tags and some backwards-compatibility features, created extra security risks that were not anticipated when the technology was introduced. In this course, Securing the Switch for Cisco CCNA 200-125/100-10, you will start off by learning about frame double-tagging. Next, you'll move on to the native VLAN security issues and DTP. You'll wrap up the course with a demonstration of creating a secure base configuration for a switch. By the end of this course, you'll know how to put a secure base configuration on a switch, mitigating many layer 2 attacks against Ethernet.
Course Overview
Hi, everyone! My name is Ross Bagurdes and welcome to my course, Securing the Switch. I am a network engineer with 20 years' experience building and managing enterprise networks and teaching people about them. Switches may or may not have been part of the Ethernet vision when the Ethernet was being developed in the 70s and 80s. However, by the mid to late 1990s, switching became an important piece of data networking and has not stopped growing since. Because of this rapid implementation and growth of Ethernet and switching, there was not always an eye focused on security flaws in switch design, especially in trunk link operation. In this course we're going to cover the native VLAN and the security issues it creates, MAC address flooding of a switch, and switchport port security, which is a mechanism we can use to prevent some security issues. By the end of this course you'll know how to put a secure base configuration on an Ethernet switch, mitigating many layer-2 attacks against Ethernet. Before beginning the course you should be familiar with switching, VLANs, and VLAN trunking. From here you should feel comfortable diving into the rest of the CCNA series. I hope you'll join me on this journey to learn switch security with the Securing the Switch course at Pluralsight.
The Native VLAN
Welcome to Pluralsight. I'm Ross Bagurdes and this course is Securing the Switch for the Cisco 200-125 exam and then 100/105 exams. Now those are the CCNA exam and the ICND1 exam respectively. The ICND1 exam will earn you the CCENT or the Cisco Certified Entry Level Network Technician. We're going to start this Securing the Switch course off by talking about the native VLAN. We're going to talk about how it works and why it's a security concern in our environments. We'll also discuss how we deal with the native VLAN to eliminate as many security concerns as possible. Our goals this module are going to describe the native VLAN's operation, describe the security issue with the native VLAN, and then we're going to examine this untagged traffic that the native VLAN carries in Wireshark.
Dynamic Trunking Protocol (DTP)
Welcome to Pluralsight! I'm Ross Bagurdes. This module is Dynamic Trunking Protocol or DTP. What I'd like to do in this module is define Dynamic Trunking Protocol, look at its behavior, and then demonstrate its operation ending with us turning off DTP.
Switchport Port Security
Welcome to Pluralsight! I'm Ross Bagurdes. This is Switchport port security. Our goals of this module are to examine the flooding attack and see how this flooding attack can have severe consequences even on a modern switch. We're going to look at how we can prevent flooding attacks using port security. We'll look at the switchport port-security features and then demonstrate how we implement and examine switchport port-security.
Check Your Knowledge
Welcome to Pluralsight! I'm Ross Bagurdes. This is Check Your Knowledge for Securing the Switch. In this module what we're going to do to wrap up this course is create a secure switch base configuration. So far we've learned how to put the basic configuration on a switch to make it usable. We're going to secure the switch as much as possible without compromising the switch's ability to pass legitimate traffic. The next thing we'll do here is troubleshoot some native VLAN issues. And last we'll look at some port-security troubleshooting and how we might resolve some issues there.