Sniffing and Securing Cisco Switch traffic


This is the first in the series about securing Cisco devices!

Cisco Switches must be configured!!!!
This is the reason you bought a Cisco Switch 😉
By default, the ports are all configured as dynamic desirable, which causes a trunk to be created automatically if two switches with the default configuration are connected.
So let's see what a malicious user can get by sniffing the network.

After that, using a few commands specific to the switchport, we will limit the traffic to protect the switch!

The final configuration of the port will be:

SW1#show running-config interface fastEthernet 0/18
Building configuration…

Current configuration : 319 bytes
interface FastEthernet0/18
 switchport mode access
 no cdp enable
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable

After applying the above configuration, you should not connect another switch to interface FastEthernet 0/18. The configuration is for end devices only.
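
To check a whole switch against this port template, the sketch below parses a saved running-config and lists the interfaces that are missing any of the four lines shown above. It is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration.

```python
import re

# Hardening lines taken from the final port configuration shown above.
REQUIRED = (
    "switchport mode access",
    "no cdp enable",
    "spanning-tree bpdufilter enable",
    "spanning-tree bpduguard enable",
)

# Constructed sample running-config (not captured from a real device).
# Fa0/17 has no sub-commands, i.e. it is still in its default state.
SAMPLE_CONFIG = """\
interface FastEthernet0/17
!
interface FastEthernet0/18
 switchport mode access
 no cdp enable
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!
interface FastEthernet0/19
 switchport mode access
 spanning-tree bpduguard enable
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(line.split()))  # normalise whitespace
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit(config):
    """Return {interface: [missing hardening lines]} for non-compliant ports."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        missing = [req for req in REQUIRED if req not in lines]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for name, missing in audit(SAMPLE_CONFIG).items():
        print(f"{name}: missing {', '.join(missing)}")
```

Uplinks and trunk ports to other switches will be reported too, so exclude them before acting on the output. On Catalyst IOS, interface-level BPDU filter takes precedence over BPDU guard when both are set on the same port, so BPDU guard does not err-disable the port while the filter is enabled.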

Links to follow