会计考友 posted on 2012-8-3 20:28:11

Cisco Certification CCNA Exam Lecture Notes 9

Under the interface, the dot1x port-control command specifies the port's authorization state. The parameters have the following meanings:
dot1x port-control force-authorized: Disables 802.1x port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client. This is the default setting.
dot1x port-control force-unauthorized: Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface.
dot1x port-control auto: Enables 802.1x port-based authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port.

VLAN Attack:
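After connecting to the switch, the attacker first tries to get the link negotiated as a trunk, and then attacks other VLANs.
Solution: PVLAN (private VLAN): primary VLAN, secondary VLAN (isolated VLAN and community VLAN)
Secondary VLANs come in two types: isolated VLANs and community VLANs. Ports that belong to an isolated VLAN are called isolated ports, ports that belong to a community VLAN are called community ports, and ports that belong to the primary VLAN are called promiscuous ports.
A promiscuous port can communicate with all ports. An isolated port can communicate only with promiscuous ports. A community port can communicate with promiscuous ports and also with community ports in the same VLAN.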