Learn how port security protects user ports and how it's configured.
- [Instructor] Layer two security doesn't have a one-size-fits-all solution, there isn't an easy button for it. Rather, it's a layering of multiple techniques to achieve as much protection as is required. I'll start by discussing a feature known as Port Security. In essence, it limits the number of MAC addresses and even which MAC addresses are allowed to send inbound packets on a switch port. Limiting the number of MAC addresses can prevent attacks like DHCP starvation, where tens or hundreds of MACs will show up on a single interface. When enabled on a port by default, only a single MAC address will be learned incoming on that port. And the logic is first come, first served. This means if you have multiple MAC addresses leaving off this port, whoever sends a packet first wins. The default violation mode is to shut down the port if additional MACs arrive. I always adjust this behavior as seen below. While port security can be applied to a trunk port, …
Note: A complete overview of the exam and registration instructions can be found at https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/ccna-200-301.html.
- Elements of a robust security program
- Password policy
- Access control lists
- Dynamic ARP Inspection (DAI)
- Software-defined networking
- Software-Defined Access (SDA)
- REST APIs
- Automation platforms