MAC layer attacks:
1、MAC 地址泛洪
switchport port-security 來防止這種情況
switchport port-security maximum x
switchport port-security mac-address aaaa.bbbb.cccc
switchport port-security sticky
2、未知單播幀
switchport block unicast阻止未知單播幀
VLAN attacks:
非trunk switchport mode access 關閉DTP
VACL:IP/MAC FWD/DRP
private vlans
1、VTP模式設爲透明
2、pri/sec VLAN
3、將端口划進相應的VLAN
Spoofing attacks:
Attacks on switch devices: