Cisco SWITCH 1.0: Minimizing Service Loss and Data Theft

This course is included in our On-demand training solution.


In a switched network, a host of attacks can be launched at a switch and its ports. MAC flooding, rogue traffic “hopping” from one VLAN to another, spoofing attacks, as well as DHCP and Address Resolution Protocol (ARP) threats can occur at Layer 2. It is important that you implement basic security measures to guard against these types of Layer 2 malicious activities.
This course defines the potential vulnerabilities relating to VLANs that can occur within a network. After the vulnerabilities are identified, solutions for each vulnerability are discussed, and configuration commands are defined. This course discusses port security for denial of MAC spoofing and MAC flooding, and the use of private VLANs (PVLANs) and VLAN access control lists (VACLs) to control VLAN traffic. VLAN hopping, DHCP spoofing, Address Resolution Protocol (ARP) spoofing, and Spanning Tree Protocol (STP) attacks are also explained. In addition, potential problems and their solutions, and the method for securing the switch access, with use of vty access control lists (ACLs), and implementing the Secure Shell (SSH) Protocol for secure Telnet access are also covered.

Target Audience

The audience profile for SkillSoft’s SWITCH 1.0: Implementing Cisco Switched Networks training will be established IT professionals who have completed 640-802 Cisco Certified Network Associate, or 640-822 Interconnecting Cisco Networking Devices Part 1 and 640-816 Interconnecting Cisco Networking Devices Part 2.


Expected Duration

120 min.

Course Objectives

Switch Security

  • recognize the vulnerabilities of switches to network attacks
  • Port Security

  • configure port security to block input from devices based on Layer 2 restrictions
  • Authentication and Authorization

  • identify the features of AAA authentication
  • employ 802.1X port-based authentication
  • Configuring Port Security and Authentication

  • configure and verify port security
  • Protecting Against VLAN Attacks

  • prevent VLAN hopping
  • address VLAN security issues
  • Protecting Against DHCP Threats

  • recognize the features of DHCP spoofing attacks
  • configure switches to guard against DHCP threats
  • Threats to ARP

  • recognize ARP threats
  • identify the steps in IP Source Guard configuration
  • Securing Network Services

  • identify CDP and LLDP vulnerabilities
  • protect physical and virtual ports
  • Switch Security Recommendations

  • identify considerations when securing a switched network