
VLAN trunking security vulnerabilities?

bender.mike
Level 1

Does anyone know if there are any specific VLAN or trunking vulnerabilities that may allow visibility between separate VLANs running on the same switch? In this case, there would be no routing between the VLANs whatsoever.

I seem to remember reading something in the recent past, but can't recollect the context of the article.

1 Reply

steve.barlow
Level 7

There are a number of security concerns regarding switches. For example, VLAN hopping (http://www.sans.org/newlook/resources/IDFAQ/vlan.htm), MAC flooding, trunking/promiscuous on PC NIC (as by default switches are trunk auto, PC can see traffic). But almost all can be prevented/limited.

Some security methods are:

- private VLANs
- port security
- set PC ports to trunking off
- change native VLAN on trunk ports to something other than end user VLANs
- limit physical access to switch
- Networkers 2002 has a presentation on Layer 2 security (attacks and prevention).

Hope that helps.

Steve
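
Added example, not part of the original reply: a small Python check for three of the items listed above (PC ports with trunking not forced off, missing port security, and a trunk native VLAN that is also an end-user VLAN). The IOS-style `switchport` syntax, the interface names and the VLAN numbers are assumptions, since the thread names no platform; the sample config is constructed.

```python
import re

# Constructed sample in IOS-style syntax (an assumption; not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
!
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 10
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
!
"""
USER_VLANS = {1, 10, 20}  # assumed end-user VLANs; 1 is the usual default


def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)
    return {name: [c.strip() for c in body.splitlines()] for name, body in stanzas}


def audit(config, user_vlans=USER_VLANS):
    """Return {interface: [findings]} for the hardening items in the reply."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = []
        if "switchport mode trunk" in lines:
            m = re.search(r"^switchport trunk native vlan (\d+)$", "\n".join(lines), re.M)
            native = int(m.group(1)) if m else 1  # VLAN 1 when none is configured
            if native in user_vlans:
                findings.append(f"native VLAN {native} is an end-user VLAN")
        else:
            if "switchport mode access" not in lines:
                findings.append("trunking not forced off")
            if "switchport port-security" not in lines:
                findings.append("port security not enabled")
        report[name] = findings
    return report
```

Calling `audit(SAMPLE_CONFIG)` flags GigabitEthernet0/1 and GigabitEthernet0/23 and leaves the other two ports clean.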
