Differences between two revisions of the page cisco:switch:
  * cisco:switch [2008/01/18 20:58] a 802.3af
  * cisco:switch [2011/11/24 13:34] (current) greebo

Line 8:
  * **traffic with destination MAC addresses unknown to the switch, which is flooded to all ports except the one on which the frames entered.** \\
When one uses "''
\\
A problem arises when a host connected in some way to that port does not send any traffic for more than ''
Line 20:
for each interface
+ | |||
+ | ===== Make Catalyst switch silent (The Invisible Catalyst Switch) ===== | ||
+ | |||
+ | <note tip> | ||
+ | If you've ever looked at a packet capture from a Cisco Catalyst switch with a default configuration, | ||
+ | |||
+ | |||
+ | |||
+ | **Original notes: http:// | ||
+ | </ | ||
+ | |||
+ | **Turning off CDP** | ||
+ | | ||
+ | **Turning off DTP** | ||
+ | | ||
+ | | ||
+ | | ||
+ | **Turning off STP** | ||
+ | | ||
+ | **Turning off Ethernet Keepalives** | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
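The four items above, written out as an added example that is not taken from the original notes (the page does not show the commands themselves): the global and per-interface IOS commands that stop a Catalyst access port from sending CDP, DTP, STP and Ethernet keepalive frames to the host attached to it. The interface name, VLAN number and description are assumptions; the ''no lldp run'' line goes beyond the page's list and is included because LLDP advertises the same kind of platform and port details as CDP. The security point of the exercise: by default CDP tells anyone on the port the IOS version, platform, management address and native VLAN, DTP lets a host negotiate itself into a trunk and see every VLAN, and STP lets a host see bridge IDs and, by sending a better BPDU, become root.

```cisco
! Added example, not the original notes' configuration. Interface, VLAN and
! description are assumed values for illustration.
!
! ---- global: stop discovery protocols on every port at once ----
no cdp run
! LLDP is not in the page's list; it is off by default on most Catalyst IOS
! releases, so this line is harmless if it is already disabled.
no lldp run
!
! ---- per host-facing access port ----
interface GigabitEthernet0/1
 description workstation port (silenced)
 ! fix the port type so DTP has nothing to negotiate, then stop DTP itself;
 ! "switchport nonegotiate" is only accepted once the mode is explicit
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 ! per-port CDP off as well, in case CDP is re-enabled globally for uplinks
 no cdp enable
 ! edge port: skip listening/learning and neither send nor accept BPDUs.
 ! bpdufilter on an interface also ignores incoming BPDUs, so use it only
 ! where an end host is expected, never on a link towards another switch
 spanning-tree portfast
 spanning-tree bpdufilter enable
 ! the 10 s Ethernet loopback keepalive is the last periodic frame left
 no keepalive
end
!
! ---- verify: expect "Negotiation of Trunking: Off", "Bpdu filter is
! enabled" and "Keepalive not set" in the respective outputs ----
show cdp interface GigabitEthernet0/1
show interfaces GigabitEthernet0/1 switchport
show spanning-tree interface GigabitEthernet0/1 detail
show interfaces GigabitEthernet0/1
```

Two caveats a practitioner will want. First, ''spanning-tree bpdufilter enable'' on the interface disables STP on that port in both directions: a user who plugs a second switch or a looped cable into it creates a loop the spanning tree cannot see. The global form ''spanning-tree portfast bpdufilter default'' is less silent (a PortFast port still sends a handful of BPDUs at link-up) but falls back to normal STP behaviour as soon as a BPDU arrives, which is usually the better trade on user ports. Second, ''no cdp run'' also silences CDP towards IP phones and the uplinks, so on a switch that relies on CDP for voice VLAN assignment or power negotiation use the per-interface ''no cdp enable'' on the user ports only.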
===== Security on L2 based equipment =====

see [[http://

==== VLAN ACL (VACL) ====

**VACL on a Bridged Port**
{{cisco:
**VACL on a Routed Port**
{{cisco:

=== Configuring VACL ===
  - Define the standard or extended access list to be used in the VACL.
  - Define a VLAN access map.
  - Configure a match clause in a VLAN access map sequence.
  - Configure an action clause in a VLAN access map sequence.
  - Apply the VLAN access map to the specified VLANs.
  - Display VLAN access map information.

<code>
Switch(config)#
Switch(config)#
Switch(config)#
Switch(config-access-map)#
Switch(config-access-map)#
Switch(config-access-map)#
Switch(config)#
Switch(config-access-map)#
Switch(config-access-map)#
Switch(config-access-map)#
Switch(config)#
Switch(config-access-map)#

Switch# show vlan access-map
Vlan access-map "
  Match clauses:
    ip address: 1
  Action:
    drop
Vlan access-map "
  Match clauses:
    ip address: 2
  Action:
    Forward

Switch# show vlan filter
VLAN Map mymap is filtering VLANs:
  5-10
</code>

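The six steps above carried through as one complete configuration, as an added example that is not the page's own: the map name ''mymap'', the two sequence numbers and ''vlan-list 5-10'' follow the page's ''show'' output, while the ACL contents, ACL names and the quarantined address are assumptions. The scenario is illustrative too: quarantining one host inside its own VLAN, which a router ACL cannot do because traffic between two hosts in the same VLAN never reaches the router.

```cisco
! Added example, not the page's configuration. Map name, sequence numbers
! and VLAN list match the page's "show" output; ACLs and the 10.10.5.23
! address are assumed values.
!
! 1. ACLs used as match criteria. Inside a VLAN map "permit" means
!    "this packet matches the clause"; the clause's action decides what
!    happens to it.
ip access-list extended QUARANTINED-HOST
 permit ip host 10.10.5.23 any
 permit ip any host 10.10.5.23
ip access-list extended ANY-IP
 permit ip any any
!
! 2-4. the access map: sequences are evaluated in order, first match wins
vlan access-map mymap 10
 match ip address QUARANTINED-HOST
 action drop
vlan access-map mymap 20
 match ip address ANY-IP
 action forward
!
! 5. apply to VLANs 5-10. The filter sees bridged and routed traffic alike
!    and has no direction. Without sequence 20 every other IP packet in
!    these VLANs would be dropped by the map's implicit deny.
vlan filter mymap vlan-list 5-10
!
! 6. verify
show vlan access-map mymap
show vlan filter
```

Two things to check before trusting the result. A VLAN map ends in an implicit deny, but on the Catalyst 3560/3750 family that deny only applies to packet types for which the map has at least one match clause: with only ''match ip address'' clauses, non-IP frames such as ARP are still forwarded, so a map that is meant to stop a host completely also needs a ''match mac address'' clause with a MAC ACL. And because the map matches on IP addresses, the quarantined host can escape it by changing its address; tie the quarantine to the port (port security, or a port ACL) when that matters.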
==== MAC ACL ====

A MAC ACL (also called an Ethernet ACL) filters non-IP traffic on a VLAN or on a physical Layer 2 interface by matching MAC addresses in a named MAC extended ACL. The steps to configure a MAC ACL are similar to those for a named extended IP ACL. A MAC ACL can only filter inbound traffic.

<code>
Switch(config)#
Switch(config-ext-macl)#
Switch(config-ext-macl)#
Switch(config-ext-macl)#
Switch(config)#
Switch(config-if)#
Switch(config-if)#
Switch#
</code>
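A complete MAC ACL for a user-facing access port, as an added example that is not the page's configuration (the page's prompts above have lost their commands): the ACL name, the MAC address, the interface and the VLAN are assumptions. It allows non-IP frames only from the one device that is supposed to sit on the port and drops all other non-IP traffic.

```cisco
! Added example, not the page's own. ACL name, MAC address, interface and
! VLAN are assumed values for illustration.
!
! a named MAC extended ACL; like IP ACLs it ends in an implicit "deny any any",
! written out here so the intent is visible in "show access-lists"
mac access-list extended USERPORT-NONIP
 permit host 0011.2233.4455 any
 deny any any
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 20
 ! a MAC ACL on a Layer 2 port can only be applied inbound
 mac access-group USERPORT-NONIP in
end
!
! verify which ACL is bound to the port and what it contains
show mac access-group interface FastEthernet0/5
show access-lists USERPORT-NONIP
```

Keep the limits in mind when relying on this. On these switches a port-level MAC ACL filters only non-IP frames; IPv4 traffic on the same port passes untouched and needs an IP port ACL (''ip access-group ... in'') of its own. And a source MAC address costs an attacker one command to change, so a MAC ACL is a nuisance filter for stray protocols, not a form of authentication; binding a port to a device is the job of port security or 802.1X.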
+ | |||
+ | |||
+ | |||
+ | |||