Cisco Catalyst 6880-X Specifications Page 17

Access Layer April 2014
Access Layer
Design Overview
The access layer is the point at which user-controlled and user-accessible devices are connected to the network,
and it is the one architecture component that is found in every LAN.
Infrastructure Security Features
Because the access layer is the connection point between network-based services and client devices, it plays
an important role in protecting other users, the application resources, and the network itself from human error
and malicious attacks. Network resiliency and security in the access layer are achieved through the use of Cisco
Catalyst Infrastructure Security Features (CISF), including Dynamic Host Configuration Protocol (DHCP) snooping,
IP Source Guard, port security, and Dynamic Address Resolution Protocol (ARP) Inspection.
MAC flooding attacks are used to force a LAN switch to flood all switch traffic out to all the switch interfaces.
Port security limits the number of MAC addresses that can be active on a single port to protect against such
attacks.
Port security lets you configure Layer 2 interfaces to allow inbound traffic from only a restricted set of MAC
addresses. The MAC addresses in the restricted set are called secure MAC addresses. In addition, the device
does not allow traffic from these MAC addresses on any other interface within the same VLAN.
The number of MAC addresses that the device secures on each interface is configurable. For ease of
management, the device can learn the addresses dynamically. Using the dynamic learning method, the device
secures MAC addresses while ingress traffic passes through the interface. If the address is not yet secured and
the device has not reached any applicable maximum, it secures the address and allows the traffic. The device
ages dynamic addresses and drops them when the age limit is reached.
DHCP snooping is a security feature for DHCP that filters and rate-limits DHCP traffic from untrusted sources.
An untrusted source is any interface on the switch not specifically configured as a known DHCP server or as a
path toward a known DHCP server. This includes all client-facing interfaces, so DHCP replies arriving on those
interfaces are blocked.
The DHCP snooping feature helps simplify management and troubleshooting by tracking MAC address, IP
address, lease time, binding type, VLAN number, and interface information that correspond to the local untrusted
interfaces on the switch. DHCP snooping stores this information in the DHCP binding table, which is then used as
a reference for comparison against observed traffic.
Dynamic ARP inspection (DAI) mitigates ARP poisoning attacks. An ARP poisoning attack is a method by which
an attacker sends false ARP information to a local segment. This information is designed to poison the ARP
cache of devices on the LAN, allowing the attacker to execute man-in-the-middle attacks.
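As an added example (editor-supplied, not configuration from the design guide itself), the following Cisco IOS configuration applies the CISF features described above to one access port and one uplink. Interface names, VLAN numbers, and the MAC and rate limits are assumed values, and the IP Source Guard command form differs between Catalyst platforms.

```cisco
! Global: enable DHCP snooping on the access VLANs; DAI then validates ARP
! against the resulting binding table. All ports are untrusted by default.
ip dhcp snooping
ip dhcp snooping vlan 10,20
no ip dhcp snooping information option
ip arp inspection vlan 10,20
!
! Client-facing access port (interface name, VLAN and limits are assumed).
interface GigabitEthernet1/1
 description client access port
 switchport mode access
 switchport access vlan 10
 ! Port security: cap the number of secure MACs, age inactive entries, and
 ! drop (rather than err-disable) frames from addresses beyond the limit.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security violation restrict
 ! Rate-limit DHCP and ARP from this untrusted port (packets per second).
 ip dhcp snooping limit rate 100
 ip arp inspection limit rate 100
 ! IP Source Guard: forward only IP sources present in the binding table
 ! (assumed command form; check the platform configuration guide).
 ip verify source
!
! Uplink toward the distribution layer and the DHCP server: trusted, so
! DHCP replies and ARP arriving here are accepted without inspection.
interface TenGigabitEthernet1/5
 description uplink to distribution
 ip dhcp snooping trust
 ip arp inspection trust
```

Verify the result with show ip dhcp snooping binding and show port-security interface, which expose the binding table and secure-MAC counts that the features above rely on.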