This is the first on the series…..about Securing Cisco Devices.!
Cisco Switches must be configured!!!!
This is the reason you bought a Cisco Switch 😉
By default the ports are all configured as dynamic desirable which will cause a trunk to be automatically created if 2 switches with default configuration are connected.
So lets see what a malicious user can get….by sniffing the network.
After that using few commands specific for the switchport we will limit the traffic to protect the switch !
The Final Configuration of the port will be :
SW1#show running-config interface fastEthernet 0/18
Current configuration : 319 bytes
switchport mode access
no cdp enable
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
After the above configuration you should not connect another Switch on the interface FastEthernet 0/18. The Configuration is for end devices only.
Links to follow
- Understanding VLAN Trunk Protocol (VTP)
- Configuring Spanning Tree PortFast, BPDU Guard, BPDU Filter, UplinkFast