A switch forwards traffic based on MAC addresses. Every switch contains a MAC address table held in high-speed memory, called the Content Addressable Memory (CAM). The switch rebuilds this table every time it is powered on, using both the source MAC address of each incoming frame and the port number through which the frame entered the switch. Learn more by visiting WS-C3750X-24P-L.
Cisco switch security
Conventional network security often focuses more on routers, which block external traffic. Switches operate on the organization's internal network and are designed to facilitate connectivity, so they often have only limited security measures applied, or none at all.
To secure your Cisco switches and network, the following basic security features can be used:
Physically Secure the Device: Physically secure your network switches by mounting them in a rack and installing the rack in a secure, isolated space. Make it a practice to limit access to authorized personnel only.
Use Secure Passwords:
Set secure passwords for user mode, the telnet lines, and privileged mode. Cisco suggests using six or more non-repeating characters. Following these procedures is likewise a good practice:
i. Change the passwords periodically.
ii. Never use words found in a dictionary.
iii. Use the enable secret command for privileged mode, because of its advanced encryption techniques.
iv. Encrypt all passwords using the service password-encryption command.
Enable SSH Access: Enabling SSH encrypts the entire login session, including password transmission. SSH provides secure communication and good protection over insecure networks.
Disable Unused Ports: Disable unused switch ports to prevent unknown network devices or wireless access points from connecting to any available port.
Enable Port Security:
Enabling port security restricts access to a switch port to a limited list of MAC addresses. The port "sticks" to those MAC addresses and allows only traffic from the connected devices; it restricts traffic or automatically shuts down when a device with a different MAC address is plugged in.
Disable Telnet: Disable telnet access to all network devices; this can be achieved by not configuring a login password for any VTY sessions.
Network Access and Traffic Monitoring: Monitoring all traffic passing through your network is worthwhile; if possible, note or record the MAC addresses of all devices connecting to the ports on your switches. Take immediate action when any malicious traffic or unauthorized access is detected.
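One way to check a saved switch configuration against the checklist above, as an added example that is not part of the original article or Cisco's own tooling. The function names and the sample configuration are constructed for illustration, and the telnet check looks for an explicit `transport input ssh` on the VTY lines rather than the password-based approach described above.

```python
# Constructed sample running-config excerpt (not from the page or a real device).
SAMPLE_CONFIG = """\
service password-encryption
enable password cisco123
interface GigabitEthernet1/0/1
 switchport port-security
 switchport port-security mac-address sticky
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/3
 shutdown
line vty 0 4
 transport input telnet ssh
"""

def split_blocks(config):
    """Return (global commands, {block header: [indented sub-commands]})."""
    glob, blocks, current = [], {}, None
    for line in config.splitlines():
        text = line.strip()
        if line.startswith(" "):
            if current:
                blocks[current].append(text)
        elif text.startswith(("interface ", "line ")):
            current = text
            blocks[current] = []
        elif text and text != "!":
            current = None
            glob.append(text)
    return glob, blocks

def audit(config):
    """Return checklist findings; assumes every interface listed is an access port."""
    glob, blocks = split_blocks(config)
    findings = []
    if not any(cmd.startswith("enable secret ") for cmd in glob):
        findings.append("privileged mode: no 'enable secret' configured")
    if "service password-encryption" not in glob:
        findings.append("global: 'service password-encryption' not enabled")
    for header, cmds in blocks.items():
        # 'transport input telnet ssh' or 'transport input all' still accepts telnet.
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{header}: VTY lines not restricted to SSH")
        elif header.startswith("interface ") and not {"shutdown", "switchport port-security"} & set(cmds):
            findings.append(f"{header}: active port without port security")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Trunk and uplink ports would need to be excluded from the port-security check before using this on a real configuration.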