Overview

Like routers, both Layer 2 and Layer 3 switches have their own sets of network security requirements. Unlike routers, however, little public information is available on the network security risks in switches and what can be done to mitigate them. This module introduces several types of Layer 2 attacks and shows how to use Cisco IOS features to mitigate these threats to the network.

Upon completing this module, the student will be able to mitigate Layer 2 network attacks, including Content-Addressable Memory (CAM) table overflow, VLAN hopping, Spanning Tree Protocol manipulation, Media Access Control (MAC) address spoofing, and DHCP starvation.

PIX Security Appliance Command Reference

Cisco IOS Security Command Reference

NOTE:

Students are required to study the commands covered in the chapter using the labs and the Command Reference. Not all required commands are covered in sufficient detail in the text alone. Successful completion of this course requires a thorough knowledge of command syntax and application.