Cisco IINS 2.0: Securing the Data Plane on Cisco Switches

This course is included in our On-demand training solution.


Like routers, both Layer 2 and Layer 3 switches have their own set of network security requirements. Access to switches is a convenient entry point for attackers who are intent on illegally gaining access to a corporate network. With access to a switch, an attacker can set up rogue access points and protocol analyzers, and launch all types of attacks from within the network. Attackers can even spoof the MAC and IP addresses of critical servers and do significant damage. This course introduces basic switching concepts, explains security threats that exploit vulnerabilities in the switching infrastructure, and examines strategies to mitigate those threats.

Target Audience

Network designers, administrators, engineers, and managers; systems engineers; individuals seeking the Implementing Cisco IOS Network Security (IINS) v2.0 640-554 certification, which is associated with the CCNA Security certification exam. Knowledge and skills equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1) are required, and a working knowledge of the Windows operating system and Cisco IOS networking and concepts is recommended.


Expected Duration

120 min.

Course Objectives

Introducing VLANs and Trunking

  • describe what VLANs are and how they work

Configuring VLANs and Trunks

  • describe how to configure trunks
  • identify guidelines to follow when creating VLANs

Introducing Spanning Tree

  • describe how STP provides a loop-free network topology

Common Threats to the Switching Infrastructure

  • match the security threats that exploit vulnerabilities in the switching infrastructure to their description
  • sequence the steps involved in a double-tagging VLAN hopping attack

Protecting the Switch Data Plane

  • identify strategies for protecting the switch data plane

Understanding Spanning Tree Mitigation Features

  • identify spanning-tree features on Cisco IOS routers that prevent STP operations from having an impact on the security posture

Describing and Configuring Port Security

  • sequence steps to configure port security on an access port using CLI
  • match switch port port-security parameters to their descriptions