Securing Cisco Switch Data Plane


This tutorial shows how to harden the data plane of a Cisco Catalyst switch against attacks launched from inside the LAN: MAC spoofing, CAM table overflow, man-in-the-middle (MITM) and DHCP spoofing.

1. Configure the ports that face endpoint devices as static access ports and disable DTP, so a host cannot negotiate a trunk with the switch (the starting point of VLAN hopping). Configure trunk ports only on links that go to other switches or routers, and on those links disable negotiation as well, move the native VLAN to an unused VLAN and restrict the allowed VLAN list.

2. Enable port security on the access ports, limit the number of secure MAC addresses per port, and configure the aging time for those addresses (in minutes). The per-port MAC limit is what stops CAM table overflow and, combined with sticky learning, MAC spoofing. Port security has three violation modes: protect, restrict and shutdown. Avoid protect: it silently drops frames from unknown MAC addresses without generating a syslog message, SNMP trap or violation counter increment, so an attack in progress leaves no trace. Restrict drops and logs; shutdown additionally err-disables the port, which then needs manual recovery or errdisable recovery to come back.


3. Next, configure DHCP snooping to prevent DHCP starvation and DHCP spoofing attacks. Only the port where the DHCP server is connected is configured as trusted; every other port stays untrusted, so DHCP server messages (OFFER, ACK, NAK) arriving on them are dropped and client requests can be rate-limited to blunt starvation. If the server is reached through another switch, the uplink that carries its replies must be trusted too, otherwise the legitimate offers are discarded.


4. If a router is the DHCP server, the router needs additional configuration. With DHCP snooping enabled, the switch by default inserts DHCP option 82 (relay agent information) into the client requests it forwards; an IOS router drops requests that carry option 82 with a gateway address (giaddr) of 0.0.0.0 unless it is configured to trust them, so clients silently stop receiving leases. The alternative is to disable option 82 insertion on the switch.
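The four steps above as one complete configuration. This is an added example written for this page, not the author's own screenshots; it assumes a Catalyst switch with endpoint ports GigabitEthernet1/0/1-24, a single uplink GigabitEthernet1/0/48 to a router that is also the DHCP server, user VLANs 10 and 20, and VLAN 999 as an otherwise unused native VLAN. Adjust interface names, VLAN numbers and the MAC limit to your environment.

```cisco
! ===== Switch =====
!
! --- Step 1: endpoint ports are static access ports, DTP disabled ---
interface range GigabitEthernet1/0/1 - 24
 description Endpoint
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast
!
! Trunk only toward the router; no negotiation, unused native VLAN,
! explicit allowed list. (Older platforms also need
! "switchport trunk encapsulation dot1q" before "switchport mode trunk".)
interface GigabitEthernet1/0/48
 description Uplink-to-Router-DHCP-server
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
!
! --- Step 2: port security on the access ports ---
! maximum 2 allows an IP phone plus the PC behind it (assumption).
! "restrict" drops offending frames, logs and raises a trap, port stays up.
! Aging time is in minutes; "inactivity" ages out idle secure addresses.
interface range GigabitEthernet1/0/1 - 24
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 5
 switchport port-security aging type inactivity
 switchport port-security mac-address sticky
!
! If you prefer "violation shutdown", let the port recover on its own:
! errdisable recovery cause psecure-violation
! errdisable recovery interval 300
!
! --- Step 3: DHCP snooping ---
ip dhcp snooping
ip dhcp snooping vlan 10,20
!
! Only the port toward the DHCP server is trusted.
interface GigabitEthernet1/0/48
 ip dhcp snooping trust
!
! Untrusted ports: server messages are dropped automatically;
! rate-limit client requests (packets/second) against starvation.
interface range GigabitEthernet1/0/1 - 24
 ip dhcp snooping limit rate 15
!
! Option 82 insertion is on by default with snooping; it is left on here
! and handled on the router in step 4. The switch-side alternative is:
! no ip dhcp snooping information option
!
! ===== Router (DHCP server) =====
!
! --- Step 4: accept option-82 requests that arrive with giaddr 0.0.0.0 ---
ip dhcp relay information trust-all
!
! Equivalent per-interface form, on the interface facing the switch:
! interface GigabitEthernet0/1
!  ip dhcp relay information trusted
```

Verify on the switch with `show interfaces trunk` (only the uplink should appear), `show port-security interface GigabitEthernet1/0/1` (mode, maximum, aging, violation count), `show ip dhcp snooping` (enabled VLANs, trusted ports, rate limits) and `show ip dhcp snooping binding` (one entry per leased client; an empty table after clients renew usually means the router is dropping the option-82 requests). The binding table built in step 3 is also what Dynamic ARP Inspection and IP Source Guard consume if you later extend this baseline.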


Written by

Experienced Network Security Engineer with a demonstrated history of working in the field of IT security industry.
