Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. To see how well you have memorized the commands as a side effect of your other studies, cover the left side of the table with a piece of paper, read the descriptions on the right side, and see whether you remember the commands.

Table 6-10 Chapter 6 Configuration Command Reference

| Command | Description |
| --- | --- |
| `switchport mode access` | An interface configuration mode command that disables trunking by setting a Cisco Catalyst switch port to operate as an access port |
| `switchport nonegotiate` | An interface configuration mode command that prevents the use of Dynamic Trunking Protocol (DTP) to form an Ethernet trunk |
| `switchport trunk native vlan vlan-id` | An interface configuration mode command that defines which VLAN on an IEEE 802.1Q trunk will serve as the trunk's native VLAN |
| `spanning-tree guard root` | An interface configuration mode command that enables the Root Guard feature on a Cisco Catalyst switch port |
| `spanning-tree portfast bpduguard` | An interface configuration mode command that enables the BPDU Guard feature on a Cisco Catalyst switch port |
| `ip dhcp snooping` | A global configuration mode command that globally enables the DHCP snooping feature |
| `ip dhcp snooping vlan vlan-id(s)` | A global configuration mode command that enables the DHCP snooping feature for specified VLANs |
| `ip dhcp snooping trust` | An interface configuration mode command that configures a Cisco Catalyst switch port as a trusted DHCP snooping port |
| `ip dhcp snooping limit rate number` | An interface configuration mode command that limits the number of DHCP messages on a port to a certain number of messages per second |
| `ip arp inspection trust` | An interface configuration mode command that configures a Cisco Catalyst switch port to be a trusted Dynamic ARP Inspection (DAI) port |
| `switchport port-security` | An interface configuration mode command that enables port security on a Cisco Catalyst switch port |
| `switchport port-security violation response` | An interface configuration mode command that specifies a Cisco Catalyst switch port's response to a port security violation |
| `dot1x port-control [forced-authorized \| forced-unauthorized \| auto]` | An interface configuration mode command that specifies the IEEE 802.1x behavior of a Cisco Catalyst switch port |
| `dot1x guest-vlan vlan-id` | An interface configuration mode command that optionally identifies the VLAN to be used as an 802.1x guest VLAN |
| `dot1x auth-fail vlan vlan-id` | An interface configuration mode command that optionally identifies the VLAN to be used as an 802.1x restricted VLAN |

Table 6-11 Chapter 6 EXEC Command Reference

| Command | Description |
| --- | --- |
| `show port-security` | Displays Cisco Catalyst switch ports configured for port security, the maximum number of secure MAC addresses configured for those ports, the current number of secure MAC addresses on those ports, the number of security violations that have occurred on those ports, and the actions those ports will take in response to a port security violation |
| `show port-security address` | Displays the MAC address(es) learned from Cisco Catalyst switch ports enabled for port security |
| `show port-security interface interface-id` | Displays port security statistics for the specified Cisco Catalyst switch interface |
| `show dot1x` | Displays IEEE 802.1x status information |
| `show dot1x [all \| interface-identifier]` | Displays port-level IEEE 802.1x status information for all interfaces or for a specified interface |
| `show dot1x statistics interface [interface-identifier]` | Displays IEEE 802.1x statistical information for all ports or a specified port |
| `show aaa servers` | Displays operation status for the configured RADIUS servers |

This chapter covers the following topics:

Examining endpoint security: This section begins the discussion by examining a variety of threats faced by endpoints in a network environment. It also introduces a series of techniques that can help safeguard your systems from common operating system vulnerabilities. Furthermore, this chapter examines the destructive nature of buffer overflows, viruses, worms, and Trojan horses and discusses why it is important to guard against each of these.

Securing endpoints with Cisco technologies: Cisco has developed specific technologies to help you defend your endpoints against the forms of attack introduced in the first section, as well as against other threats. This section examines such technologies as IronPort, the Cisco NAC Appliance, and the Cisco Security Agent. It also discusses best practices for endpoint security.
