Cisco TSHOOT 2.0: Troubleshooting Security Issues

This course is included in our On-demand training solution.


Layer 2 security implementation is often forgotten. However, you should take the basic security measures to guard against a host of attacks that can be launched at a switch and its ports. Equally important is how to recognize and solve issues that may occur.
This course describes how to diagnose and troubleshoot port security, spoofing, and virtual LAN access control list (VACL) problems using the Cisco IOS command line interface. It will also explain how to diagnose and resolve AAA and 802.1x port-based authentication problems.

Target Audience

Professionals who work in complex network environments desiring the skills they need to maintain their networks and to diagnose and resolve network problems quickly and effectively. The TSHOOT learning path will provide information about troubleshooting and maintaining particular technologies, as well as procedural and organizational aspects of the troubleshooting and maintenance process. A large part of the training will consist of practicing these skills and reinforcing the concepts by putting them to use in a controlled environment. At the end of the learning path, you should have increased your skill level and developed a set of best practices that are based on your own experience that you can take back to your organization.



Expected Duration

150 min.

Course Objectives

Course Introduction

Port Security Issues Overview

  • describe port security issues
  • Port Security Issues: Not Enabled on Interface

  • troubleshoot a port security issue
  • Port Security Issue: Static MAC Address Misconfigured

  • troubleshoot a MAC address issue
  • Port Security Issue: Maximum MACs per Port Reached I

  • troubleshoot a secure port issue
  • Port Security Issue: Maximum MACs per Port Reached II

  • troubleshoot a secure port
  • Port Security Issue: Sticky MAC Addresses Not Saved

  • troubleshoot a sticky MAC address issue
  • Spoofing Mitigation Issues

  • identify issues that occur with spoofing mitigation
  • Spoofing Mitigation Issues: Misconfigured DHCP Snooping

  • troubleshoot a DHCP snooping issue
  • Spoofing Mitigation Issues: Misconfigured DAI

  • troubleshoot a DAI issue
  • Spoofing Mitigation Issues: IP Source Guard Issue

  • troubleshoot an IP source guard issue
  • PVLANs and Protected Port Issues

  • describe PVLAN and protected port issues that can occur
  • PVLANs and Protected Port Issues: PVLANs Community VLAN

  • troubleshoot a PVLAN issue
  • PVLANs and Protected Port Issues: PVLANs Isolated VLAN

  • troubleshoot an isolated VLAN issue
  • VACL Issues I

  • describe the issues that can occur with VACLs
  • VACL Issues II

  • troubleshoot a VACL issue
  • IPv4 and IPv6 ACL Issues

  • identify the IPv4 and IPv6 ACL issues that can occur
  • ACL: Configuration Guidelines

  • describe ACL configuration guidelines
  • ACL Analysis

  • analyze an ACL configuration
  • IPv4 and IPv6 ACL Issues Demonstration

  • recognize commands used to verify ACL operations
  • Troubleshooting AAA: Method List Issues

  • recognize how to troubleshoot an AAA method list issue
  • 802.1x Port Based Authentication Troubleshooting

  • troubleshoot 802.1x authentication
  • Practice Topic: Troubleshoot Security Issues