Securing Trunk Links

matt_the_b

Hi all,

Is there any way to secure trunk links?

More specifically, to secure them so that someone can't unplug the switch and connect a PC that speaks 802.1q to gain access to any VLAN.

It is possible to use port security or port access lists on the uplink port with a big list of MAC addresses, but that doesn't play nicely with dynamic VLANs and isn't the easiest to manage. Are there any other methods?


Edison Ortiz

By default the PC will try to negotiate the trunk with VLAN 1. All you have to do is change the native VLAN in the trunk to something other than VLAN 1.

Both devices must agree on the native VLAN, else the trunk will never form.

Thanks for the reply, Edison,

Is there a method of error disabling the port after a certain number of native VLAN mismatches? Otherwise it may be possible to find the native VLAN by a brute force attack.

It's a shame that dot1x (802.1x) doesn't work on trunk links; that sounds like it would be a nice solution.
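
Added example, not part of any post in this thread: a small audit of an IOS-style configuration that lists each trunk port, whether it is still on the default native VLAN 1 (the setting the first reply suggests changing), and whether port security (mentioned in the question) is enabled on it. The sample configuration is constructed, and the function names `parse_interfaces` and `audit_trunks` are hypothetical.

```python
import re
# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode trunk
 switchport port-security
!
"""

def parse_interfaces(config):
    """Split an IOS-style config into {interface name: [stanza lines]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a top-level command ends the stanza
    return interfaces

def audit_trunks(config):
    """Report native VLAN and port-security state for every static trunk port."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode trunk" not in lines:
            continue  # access ports are out of scope for this check
        native = 1  # assumption: no explicit line means the default native VLAN 1
        for entry in lines:
            m = re.fullmatch(r"switchport trunk native vlan (\d+)", entry)
            if m:
                native = int(m.group(1))
        report[name] = {"native_vlan": native, "default_native": native == 1,
                        "port_security": "switchport port-security" in lines}
    return report

if __name__ == "__main__":
    print(audit_trunks(SAMPLE_CONFIG))
```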
