Best security practices to protect Layer 2
• Statically configure access ports with "switchport mode access" and trunk ports with "switchport mode trunk", so that a port's role is never left to DTP negotiation. In the default "dynamic" modes an attacker's host can negotiate a trunk with the switch and reach every VLAN.
• Administratively shut down every unused switch interface with the "shutdown" interface command. Never bring up a switchport that is not in use.
• Also assign unused interfaces to a dedicated, otherwise unused "parking" VLAN, so that a port brought up by mistake still carries no production traffic.
• Disable DTP on every trunk with the "switchport nonegotiate" command. Note that "nonegotiate" is only accepted on a port whose mode has been statically set to access or trunk, which is one more reason to hardcode the port mode.
• Use a dedicated VLAN that carries no user or management traffic as the native VLAN on all trunk links. Where the platform supports it, tag the native VLAN as well ("vlan dot1q tag native") so that untagged or double-tagged frames injected by a host cannot hop VLANs.
• Do not use VLAN 1 for user or management traffic. It is the default access VLAN and the default native VLAN on every port, it cannot be deleted, and it still carries some control-plane protocols (such as CDP and VTP), so keep it empty of user data and prune it from trunks.
• Enable the port security feature on access ports, with a maximum number of allowed MAC addresses and a violation action, to protect the switch from CAM table overflow (MAC flooding) attacks that would otherwise make it flood traffic like a hub.
• Use BPDU guard (on PortFast/end-host ports, which should never receive a BPDU) and Root guard (on ports that must never become the path to the root bridge) to protect the Spanning Tree topology from a rogue switch.
• Leave Cisco Discovery Protocol (CDP) enabled only on interfaces facing trusted devices and disable it ("no cdp enable") on user-facing ports, because CDP advertises platform, software version, VLAN and IP address details to anyone listening. Apply the same rule to LLDP.
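The configuration below is an added example, not from the original page, that applies every practice in the list to a Cisco Catalyst IOS access switch. The interface names, the VLAN numbers (10 for users, 998 as the trunk native VLAN, 999 as the parking VLAN for unused ports) and the port-security MAC limit are assumptions chosen for illustration; "switchport trunk encapsulation dot1q" is only needed (and only accepted) on platforms that also support ISL.

```cisco
! Added example (not from the original page): hardened Layer 2 configuration
! for a Cisco Catalyst IOS access switch. Interface names, VLAN numbers
! (10 = users, 998 = trunk native, 999 = parking for unused ports) and the
! MAC-address limit are assumptions for illustration.
!
vlan 10
 name USERS
vlan 998
 name TRUNK_NATIVE
vlan 999
 name PARKING_UNUSED
!
! Tag frames on the native VLAN too (where the platform supports it), so an
! untagged or double-tagged frame injected by a host cannot hop VLANs.
vlan dot1q tag native
!
! Every PortFast port gets BPDU guard automatically: a BPDU arriving on such
! a port err-disables it instead of letting a rogue switch join the topology.
spanning-tree portfast bpduguard default
!
! --- Access port facing an end host --------------------------------------
! Weak default state: "switchport mode dynamic auto", VLAN 1, CDP on,
! no port security. Hardened version:
interface GigabitEthernet1/0/1
 description User access port
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 5
 no cdp enable
 no lldp transmit
 no lldp receive
!
! --- Uplink trunk to the trusted distribution switch ----------------------
! No Root guard here: the root bridge is reached through this port.
interface GigabitEthernet1/0/48
 description Uplink to distribution
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 998
 switchport trunk allowed vlan 10,998
!
! --- Downlink trunk to a switch that must never become root ---------------
interface GigabitEthernet1/0/47
 description Downlink to closet switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 998
 switchport trunk allowed vlan 10,998
 spanning-tree guard root
!
! --- Unused ports: parked in an unused VLAN, DTP off, CDP off, shut down --
interface range GigabitEthernet1/0/2 - 46
 description UNUSED
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 no cdp enable
 shutdown
!
end
!
! Verify afterwards with:
!   show interfaces trunk
!   show interfaces GigabitEthernet1/0/1 switchport   (expect "Negotiation of Trunking: Off")
!   show port-security interface GigabitEthernet1/0/1
!   show spanning-tree summary                        (BPDU guard default enabled)
!   show cdp interface
```

Note that VLAN 1 is deliberately absent from the "allowed vlan" lists on both trunks, which prunes user data on VLAN 1 from the links even though the VLAN itself cannot be removed, and that "violation restrict" drops offending frames and logs them without err-disabling the port, which is usually preferable on user ports to "violation shutdown".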