The vlan command is used to add VLANs to the VLAN database and to configure


The vlan command is used to add VLANs to the VLAN database and to configure VLAN settings. The vlan database command is issued to enter VLAN configuration mode. The following commands can be issued from VLAN configuration mode:

abort - exits without applying changes
apply - applies changes and bumps the revision number
exit - applies changes, bumps the revision number and exits VLAN configuration mode
no - negates a command
reset - discards changes and rereads the VLAN database
show - displays information
vlan - configures the VLAN database
vtp - configures VLAN Trunking Protocol (VTP) settings

The switchport mode access command disables trunking for a port. The syntax for the switchport mode command is as follows:

switchport mode {access | trunk | dynamic desirable | dynamic auto}

Objective: Layer 2 Technologies
Sub-Objective: Configure and verify VLANs

References: Cisco > Cisco IOS Interface and Hardware Component Command Reference > squelch through system jumbomtu > switchport access

QUESTION 87

What attack technique attempts to fill a switching table so the attackers can capture traffic passing through a switch?

A. VLAN hopping
B. MAC spoofing
C. Rogue device
D. MAC flooding

Correct Answer: D
Section: Layer 2 Technologies

Explanation:

MAC flooding is an attack technique in which frames with unique, but invalid, source MAC addresses flood the switch and exhaust the CAM table space. Eventually no more MAC addresses can be added because the table is full. When this occurs, any packets destined for a MAC address not in the table will be flooded to all other ports. This would allow the attacker to see the flooded traffic and capture information. The switch would be essentially functioning as a hub in this case. Two methods of mitigating these attacks are:

  • Implementing port security
  • Implementing VLAN access maps

VLAN hopping is an attack that allows an attacker to access network resources on a different VLAN without passing through a router. The attacker can create a packet with two 802.1Q VLAN headers on it (called double tagging) and send it to a switch. The switch port will strip off the first header and leave the second. The second header will be seen as the originating VLAN, allowing the attacker access to a VLAN they are not connected to. Executing the switchport mode access command on all non-trunk ports can help prevent this attack. Pruning the native VLAN from a trunk link can also help.

VLAN hopping is a security concern because it can be accomplished without the packet passing through a router and its security access lists. For this reason, private VLANs and VACLs should be used to secure access between VLANs. Techniques to prevent these attacks are:

  • Prevent automatic trunk configurations by explicitly turning off Dynamic Trunking Protocol on all unused ports
  • Place unused ports in a common unrouted VLAN

MAC spoofing is an attack that allows an attacking device to receive frames intended for a different host by changing an assigned Media Access Control (MAC) address of a networked device to a different one.
