How to configure port security on Cisco switches

Rate this post

133 views

cisco

Overview

In some environments, a network must be secured by controlling what stations can gain access to the network itself. Port security is a feature used on Cisco Catalyst switches which limits the MAC addresses allowed to appear on a specific port. In most cases network administrators use this to secure access to the physical network.

Using this feature only predefined static MAC addresses or limited number of dynamic MAC addresses can access the network. Suppose a user tries to connect to a port which has port security enabled and his MAC address does not appear on the list of allowed MAC addresses. In this case the port will be shut down or the packets arriving on that port will be dropped with a specific action. To resolve this issue the port must be re-enabled manually by the network administrator or automatically after a period of time if the errdisable cause is configured for automatic recovery (by default after 300 seconds).

Continue reading…

Understanding CDP (Cisco Discovery Protocol)

Rate this post

185 views

cisco

Overview

Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol which is used to collect information about neighboring routers and switches. It operates at Layer2 (data link layer) and comes in two versions CDPv1 (initial release) available since IOS version 10.3 and CDPv2 available from IOS Version 12.0(3)T. CDP is very useful when you need to gather information about the network topology like IP addresses, device capabilities, platform and also offers a quick way for troubleshooting and documenting the network. CDP is enabled by default on all available interfaces. CDP traffic between devices is not encrypted so this can be a real security issue. As best practice is recommended that CDP should be disabled mainly on devices that connects to external networks.

Continue reading…

Configuring SSH on Cisco routers and switches

Rate this post

186 views

cisco

Overview

Older IOS images on Cisco devices used telnet as default login method for the vty lines. Nowadays using telnet is not safe because all traffic including usernames and passwords is transmitted in clear text. This way anybody using a protocol analyzer can gain access to the data. Lately telnet access method has been replaced by SSH which offers increased security by encrypting all traffic between source and destination. SSH protocol comes in two versions SSH1 and SSH2. Communication between the client and server is encrypted in both versions. You should implement SSH version 2 when possible because it uses a more enhanced security encryption algorithm. SSH1 became available in Cisco’s IOS, starting with release 12.1(1)T. In order to use SSH2 you need a IOS version 12.3(4)T or newer.

Continue reading…

Page 4 of 4« First...234