search

Cisco Catalyst 6880-X Specifications Page 78

  • Download
  • Add to my manuals
  • Print
  • Page
    / 111
  • Table of contents
  • BOOKMARKS
    • Rated. / 5. Based on customer reviews
Page view 77
Distribution Layer April 2014
75
If the interface type is not portchannel, then the additional command macro apply EgressQoS must also be
configured on the interface.
Next, mitigate VLAN hopping on the trunk for switch-to-switch connections.
There is a remote possibility that an attacker can create a double 802.1Q encapsulated packet. If the attacker has
specific knowledge of the 802.1Q native VLAN, they could create a packet that when processed, removes the
first or outermost tag when the packet is switched onto the untagged native VLAN. When the packet reaches the
target switch, the inner or second tag is then processed and the potentially malicious packet is switched to the
target VLAN.
At first glance, this appears to be a serious risk. However, the traffic in this attack scenario is in a single direction
and no return traffic can be switched by this mechanism. Additionally, this attack cannot work unless the attacker
knows the native VLAN ID.
Step 5: Configuring an unused VLAN on all switch-to-switch 802.1Q trunk links from access layer to distribution
layer removes the remote risk of this type of attack. By choosing an arbitrary, non-default, unused VLAN
assignment for the native VLAN, you reduce the possibility that a double 802.1Q-tagged packet can hop VLANs.
vlan 999
name AntiVLANhopping
exit
!
interface [port-channel] [number]
switchport trunk native vlan 999
Step 6: Configure Layer 3.
Configure a VLAN interface (SVI) for every access layer VLAN so devices in the VLAN can communicate with the
rest of the network.
Use the ip helper-address command to allow remote DHCP servers to provide IP addresses for this network.
The address that the helper command points to is the central DHCP server. If you have more than one DHCP
server, you can list multiple helper commands on an interface.
interface vlan [number]
ip address [ip address] [mask]
ip helper-address [dhcp server ip]
ip pim sparse-mode
no shutdown
Page view 77
1 2 ... 73 74 75 76 77 78 79 80 81 82 83 ... 110 111

Comments to this Manuals

No comments
Related products and manuals for Network switches Cisco Catalyst 6880-X
Network switches Cisco GigaStack WS-X3500-XL User Manual   (9 pages)
Network switches Cisco Linksys SRW208L User Manual   (5 pages)
Network switches Cisco Catalyst 2820 User Manual   (7 pages)
Network switches Cisco 500 Series User Manual   (20 pages)
Network switches Cisco Catalyst 2960X-48FPS-L User Manual   (27 pages)
Network switches Cisco MFEBX1 User Manual   (11 pages)
Network switches Cisco CATALYST RPS 2300 User Manual   (20 pages)
Network switches Cisco Catalyst 2960 Specifications   (21 pages)
Network switches Cisco 585-LRE - 585 LRE Customer Premise Equipment Bridge User Manual   (9 pages)
Network switches Cisco TrustSec User Manual   (10 pages)
Network switches Cisco MDS9120 - MDS 9120 Multilayer Fabric Switch User Manual   (10 pages)
Network switches Cisco InfiniBand 4x User Manual   (8 pages)
Network switches Cisco BayTech DS71-MD4 Owner's Manual   (29 pages)
Network switches Cisco BayTech DS71-MD4 Owner's Manual   (96 pages)
Network switches Cisco Catalyst 3750X-24P User Manual   (4 pages)
Network switches Cisco MGBLX1 User Manual   (13 pages)
Network switches Cisco Catalyst 3750-E User Manual   (20 pages)
Network switches Cisco MDS 9140 - Fabric Switch User Manual   (15 pages)
Network switches Cisco 3750-48TS - Catalyst Switch - Stackable User Manual   (23 pages)
Network switches Cisco BayTech DS71-MD4 Owner's Manual   (38 pages)
  • Aeronix Innova Oce I-O Data Device Bird-technologies
  • Audiovox Network antennas NEC Monitors CRT Char-Broil Barbecues & grills Sony All-in-One workstations Provision-ISR Security cameras
  • Scarlett SC-2500 Samsung 460P Brother PE-DESIGN NEXT Samsung SCH-I759
  • Mystery MFM-23CU User Manual Canon EF 300mm f/4L IS USM User Manual Konftel 55W User's Guide Allied Telesis AT-FL-X900-01 Datasheet Gardena THS Li-18/42 Operations Instructions