Cisco 2, Module 11

DHCP snooping

extended ACL

port security

DHCP server failover

strong password on DHCP servers

1. Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

1. Use VLAN 1 as the native VLAN on trunk ports.

1. Use ISL encapsulation on all trunk links.

1. Disable STP on all nontrunk ports.

1. Enable DAI on the management VLAN.

1. Enable DHCP snooping on selected VLANs.

1. Enable port security globally.

1. Enable IP Source Guard on trusted ports.

1. unknown port

1. trusted DHCP port

1. established DHCP port

1. untrusted port

1. authorized DHCP port

1. S1(config)# spanning-tree portfast default

1. S1(config-line)# spanning-tree portfast

1. S1(config)# enable spanning-tree portfast default

1. S1(config-if)# enable spanning-tree portfast

1. S1(config-if)# spanning-tree portfast

1. Reboot the switch.

1. Issue the no switchport port-security violation shutdown command on the interface.

1. Issue the shutdown command followed by the no shutdown command on the interface.

1. Issue the no switchport port-security command, then re-enable port security.

1. ip dhcp snooping limit rate

1. ip dhcp snooping

1. ip dhcp snooping vlan

1. ip dhcp snooping trust

1. to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body

1. to check the destination MAC address in the Ethernet header against the user-configured ARP ACLs

1. to check the destination MAC address in the Ethernet header against the MAC address table

1. to check the destination MAC address in the Ethernet header against the source MAC address in the ARP body

1. BPDU filter

1. root guard

1. storm control

1. port security

1. DHCP spoofing

1. ARP spoofing

1. VLAN hopping

1. ARP poisoning