Specific Layer 2 Mitigation for CCNA Security

With that review of switching technologies and how they operate in mind, let’s take a specific look at implementing security features on our switches.

BPDU Guard

When you enable BPDU Guard, a switch port that was forwarding stops forwarding and is disabled if a BPDU is seen inbound on that port. A user should never be generating legitimate BPDUs. Applied to ports that should only be access ports to end stations, this configuration helps prevent another switch (one that is sending BPDUs) from being connected to the network, which in turn could prevent manipulation of your current STP topology. Example 9-7
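To check where this protection is actually in place, the following added example (not the book's Example 9-7 and not code from the book) audits a saved running-config and lists access ports on which BPDU Guard is not in effect. It assumes the IOS forms `spanning-tree bpduguard enable|disable` per interface and `spanning-tree portfast [edge] bpduguard default` globally, which guards only PortFast ports; the sample config and the function name are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the book).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def access_ports_without_bpduguard(config):
    """Return names of explicit access ports where BPDU Guard is not in effect."""
    glob, ports, cur, exposed = set(), {}, None, []
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:
            cur = ports.setdefault(m.group(1), set())
        elif raw.startswith(" ") and cur is not None:
            cur.add(raw.strip())      # sub-command of the current interface
        else:
            cur = None
            glob.add(raw.strip())     # global command or "!" separator
    edge = ("", " edge")              # older and newer PortFast keyword forms
    guard_default = any(f"spanning-tree portfast{e} bpduguard default" in glob for e in edge)
    pf_default = any(f"spanning-tree portfast{e} default" in glob for e in edge)
    for name, cmds in ports.items():
        if "switchport mode access" not in cmds or "spanning-tree bpduguard enable" in cmds:
            continue                  # not an explicit access port, or explicitly guarded
        portfast = any(f"spanning-tree portfast{e}" in cmds for e in edge) or (
            pf_default and "spanning-tree portfast disable" not in cmds)
        # The global default guards only PortFast ports; an interface-level disable overrides it.
        if "spanning-tree bpduguard disable" in cmds or not (guard_default and portfast):
            exposed.append(name)
    return exposed
```

On the sample, GigabitEthernet0/3 is reported because it relies on the global default without PortFast, and GigabitEthernet0/4 because the interface-level disable overrides the default.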

Get Santos:CCNA Sec 210-260 OCG now with the O’Reilly learning platform.