交换安全
责编:admin |2015-02-09 14:48:05MAC layer attacks:
1、MAC 地址泛洪
switchport port-security 来防止这种情况
switchport port-security maximum x
switchport port-security mac-address aaaa.bbbb.cccc
switchport port-security sticky
2、未知单播帧
switchport block unicast阻止未知单播帧
VLAN attacks:
非trunk switchport mode access 关闭DTP
VACL:IP/MAC FWD/DRP
private vlans
1、VTP模式设为透明
2、pri/sec VLAN
3、将端口划进相应的VLAN
Spoofing attacks:
Attacks on switch devices:
下一篇:七大方法保护系统轻松躲避黑客