
VLAN trunking security vulnerabilities?

Does anyone know if there are any specific VLAN or trunking vulnerabilities that may allow visibility between separate VLANs running on the same switch? In this case, there would be no routing between the VLANs whatsoever.

I seem to remember reading something in the recent past, but can't recollect the context of the article.

1 REPLY

Re: VLAN trunking security vulnerabilities?

There are a number of security concerns regarding switches. For example, VLAN hopping (http://www.sans.org/newlook/resources/IDFAQ/vlan.htm), MAC flooding, trunking/promiscuous on PC NIC (as by default switches are trunk auto, PC can see traffic). But almost all can be prevented/limited.

Some security methods are:

- private VLANs

- port security

- set PC ports to trunking off

- change native VLAN on trunk ports to something other than end user VLANs

- limit physical access to switch

- Networkers 2002 has a presentation on Layer 2 security (attacks and prevention).

Hope that helps.

Steve
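Added example, not part of the reply above and not Cisco code: a small Python audit that checks a switch configuration for three of the listed items (trunking left on at PC ports, port security, native VLAN on trunks). It assumes Cisco IOS `switchport` syntax and that every interface in the input is a Layer 2 switch port; the sample configuration, the function names and the VLAN numbers are constructed for illustration.

```python
# Constructed sample in Cisco IOS syntax (not taken from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 10
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
!
"""

def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return interfaces

def audit(config, user_vlans):
    """Return {interface: [findings]}; user_vlans is the set of end-user VLAN IDs."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        issues = []
        mode = next((c[len("switchport mode "):] for c in cmds if c.startswith("switchport mode ")), None)
        if mode == "trunk":
            # With no explicit command the native VLAN is 1.
            native = next((int(c.split()[-1]) for c in cmds if c.startswith("switchport trunk native vlan ")), 1)
            if native in user_vlans:
                issues.append(f"native VLAN {native} is an end-user VLAN")
        else:
            if mode != "access":
                issues.append("no 'switchport mode access': port may still negotiate a trunk")
            if "switchport port-security" not in cmds:
                issues.append("port security not enabled")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit(SAMPLE_CONFIG, {10, 20})` reports FastEthernet0/1 (two findings) and GigabitEthernet0/1 (native VLAN 10); the other two ports pass.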
