In a real-world scenario with hundreds of ports, manually typing in MAC addresses is administratively prohibitive.
: Create VLAN 20 on all switches (SW-A, SW-B, SW-1, SW-2, and Central) and assign an IP address to the Interface VLAN 20 for remote management.
: Creating a specific Management VLAN (VLAN 20) and attaching a dedicated management PC to it. 14.9.11 packet tracer - layer 2 vlan security
While specific IP addresses and device names may vary slightly depending on the version of the curriculum (often associated with CCNA Security or CyberOps), the core topology of the activity typically follows a standard hierarchical model:
: Connecting switches (e.g., SW-1 and SW-2) using crossover cables to provide failover paths. In a real-world scenario with hundreds of ports,
In the world of networking, we often talk about firewalls, ACLs, and encryption. But what happens if an attacker simply unplugs a legitimate user’s laptop and plugs in a rogue device? What if they spoof a VLAN or launch a MAC flood?
S1(config)# interface range f0/5-24, g0/3-4 S1(config-if-range)# switchport mode access S1(config-if-range)# switchport access vlan 999 S1(config-if-range)# shutdown While specific IP addresses and device names may
: Use switchport mode trunk to prevent VLAN hopping attacks that exploit DTP (Dynamic Trunking Protocol).
Move these ports to the dummy VLAN 999 and administratively disable them.