{"id":482,"date":"2010-08-05T00:00:00","date_gmt":"2010-08-05T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/08\/05\/security-on-cisco-catalyst-switches\/"},"modified":"2021-07-30T14:38:43","modified_gmt":"2021-07-30T14:38:43","slug":"security-on-cisco-catalyst-switches","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html","title":{"rendered":"How to secure your Cisco Catalyst switch"},"content":{"rendered":"<p>Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your network.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6629e34c1c40e\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6629e34c1c40e\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#1_PASSWORDS\" title=\"1. PASSWORDS\">1. PASSWORDS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#2_CONSOLE\" title=\"2. CONSOLE\">2. CONSOLE<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#3_HTTP_SERVER\" title=\"3. HTTP SERVER\">3. HTTP SERVER<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#4_CDP\" title=\"4. CDP\">4. CDP<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#5_PREVENT_ROUGE_TRUNKS\" title=\"5. PREVENT ROUGE TRUNKS\">5. PREVENT ROUGE TRUNKS<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#6_PORT_SECURITY\" title=\"6. PORT SECURITY\">6. PORT SECURITY<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#7_SPANNING_TREE_SECURITY\" title=\"7. SPANNING TREE SECURITY\">7. SPANNING TREE SECURITY<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#8_DHCP\" title=\"8. DHCP\">8. DHCP<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#9_MISC\" title=\"9. MISC\">9. MISC<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\/#REFERENCES\" title=\"REFERENCES\">REFERENCES<\/a><\/li><\/ul><\/nav><\/div>\n<h4><span class=\"ez-toc-section\" id=\"1_PASSWORDS\"><\/span><strong>1. PASSWORDS<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>First of all passwords are configured. One password is used for the enable password and the other will later be assigned to the console port.<\/p>\n<blockquote><p>enable secret\u00a0 [password]<br \/>\nusername admin password [password]<\/p><\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"2_CONSOLE\"><\/span><strong>2. CONSOLE<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>The console port is secured by setting a timeout value along with assigning the previously configured username and password.<\/p>\n<blockquote><p>line console 0<br \/>\nexec-timeout 30<br \/>\nlogin local<\/p><\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"3_HTTP_SERVER\"><\/span><strong>3. HTTP SERVER<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>B y default the HTTP server is enabled. This can be disabled unless otherwise required.<\/p>\n<blockquote><p>no ip http server<br \/>\nno ip http secure-server<\/p><\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"4_CDP\"><\/span><strong>4. CDP<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>CDP can be used as an attack vector. To disable CDP run the following command:<\/p>\n<blockquote><p>no cdp run<\/p><\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"5_PREVENT_ROUGE_TRUNKS\"><\/span><strong>5. PREVENT ROUGE TRUNKS<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>By default ports are set to dynamic desirable. Meaning that they can either be a trunk port or a access port depending on what you plug in. To ensure that a rogue device can not be plugged in and a trunk port formed (meaning all VLAN traffic would be sent out of this port) a switchport can be configured to be only set to access mode.<\/p>\n<blockquote><p>(config-if)# switchport mode access<strong>\u00a0<\/strong><\/p><\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"6_PORT_SECURITY\"><\/span><strong>6. PORT SECURITY<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Cisco provides the ability via the port-security commands to limit the amount of MAC address that can be populate the mac address table\u00a0via a\u00a0specific port. This can prevent potential CAM overflow attacks.<\/p>\n<p><em><strong>Note :<\/strong><\/em> When you enter the default value the full command will not be displayed via a `show run`<\/p>\n<blockquote><p>(config-if)# switchport port-security<br \/>\n(config-if)# switchport port-security maximum 1 [1 is default]<br \/>\n(config-if)# switchport port-security violation shutdown [shutdown is default]<\/p><\/blockquote>\n<p>The violation options are :<\/p>\n<p><strong>shutdown (default)<\/strong>\u00a0&#8211; The interface is transitioned to\u00a0a state pf error-disable, that in turn blocks all\u00a0traffic.<br \/>\n<strong>protect\u00a0&#8211;<\/strong> Frames from MAC addresses other than the permitted\u00a0addresses\u00a0are dropped; traffic from allowed addresses is permitted to pass normally.<br \/>\n<strong>restrict\u00a0&#8211; <\/strong>The same as protect mode but additionally generates a syslog message.<\/p>\n<p>Sticky MAC allows the configured number of mac address that enters the port to be assigned against it, any further MACs would be denied. Learnt addresses are added to the switches configuration much the same as if you were to explicitly define the allowed address via the port security command, such as :<\/p>\n<blockquote><p>(config-if)# switchport port-security mac-address [mac]<\/p><\/blockquote>\n<p>To enable port-security sticky the following command can be used :<\/p>\n<blockquote><p>(config-if)# switchport port-security mac-address [sticky mac]<\/p><\/blockquote>\n<p>Below are the main show commands :<\/p>\n<blockquote><p>show port-security interface fastethernet 0\/8<br \/>\nshow port-security<strong>\u00a0<\/strong><\/p><\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"7_SPANNING_TREE_SECURITY\"><\/span><strong>7. SPANNING TREE SECURITY<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Intruders can attempt to sabotage the root bridge role, changing the root bridge role can then allow them to force traffic over alternative STP path that is possible slower and also allow them to span traffic from the switch that they have forced to become the root bridge.<\/p>\n<p>To guard against this you can use the guard root feature. This will ensure that if someone plugs a switch into this port and tries to place themselves as the root bridge the switch will place this port into a &#8220;blocking&#8221; state.<\/p>\n<blockquote><p>(config-if)# spanning-tree guard root<\/p><\/blockquote>\n<p>BPDU guard ensures that no STP Protocol traffic (BPDU`s) are sent over ports that are designated as access ports.<\/p>\n<blockquote><p>(config-if)# spanning-tree bpduguard enable<br \/>\n(config-if)# spanning-tree portfast<\/p><\/blockquote>\n<p>You can also enable this globally on any port that has portfast enabled by running the following command,<\/p>\n<blockquote><p>(config) spanning-tree portfast bpduguard default<\/p><\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"8_DHCP\"><\/span><strong>8. DHCP<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>DHCP attacks can cause network outages and can also become a catalyst for man in the middle attacks. Man in the middle attacks are produced via rogue DHCP server replying to DHCP requests and then providing them with a default gateway of themselves. They then receive the traffic, sniff it and pass it on to their own default gateway.<\/p>\n<p>DHCP Snooping &#8211; DHCP Snooping is intended to prevent a malicious user from pretending to be the network DHCP server. This is achieved via :<\/p>\n<ol>\n<li>Telling the switch which port(s)\u00a0the DHCP server is connected to via\u00a0issuing the ip dhcp snooping trust command.<\/li>\n<li>DHCP snooping building a table of all DHCP REQUESTS and OFFERS which is then uses to determine malicious intent.<\/li>\n<\/ol>\n<p><strong><em>Note : <\/em><\/strong>DHCP snooping also provides security against ARP spoofing. Due to the switch building a table of all DHCP requests and responses it can determine if a rogue ARP response is sent from a\u00a0device based on the information within its table.<\/p>\n<p>Below we stop DHCP replies on the following VLANs.<\/p>\n<blockquote><p>(config)# ip dhcp snooping vlan 1,4,3<\/p><\/blockquote>\n<p>As our DHCP server is on port 24 we allow DHCP<\/p>\n<blockquote><p>(config)# interface fastethethernet 0\/24<br \/>\n(config-if)# ip dhcp snooping trust<\/p><\/blockquote>\n<p>DHCP rate limiting prevents pool exhaustion. The example below would allow for 3 DHCP replies per second.<\/p>\n<blockquote><p>(config-if) ip dhcp snooping limit rate 3<\/p><\/blockquote>\n<h4><span class=\"ez-toc-section\" id=\"9_MISC\"><\/span><strong>9. MISC<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p><strong>9.1 Switch Port Analyser (SPAN)<\/strong><\/p>\n<p>SPAN ports allow you to send all the traffic from other ports out to a designated port. This is normally configured if you need to either place a standard packet sniffer on the designated port or an IDS\/IPS.<\/p>\n<blockquote><p>(config)# monitor session 1 source interface fastethernet 0\/1 &#8211; 20 both<br \/>\n(config)# monitor session 1 destination interface fastethernet 0\/24<\/p><\/blockquote>\n<p><strong>9.2 Private VLANs<\/strong><\/p>\n<p>PVLANs are VLANs inside of VLANs. This allows you to segregate on a host to host level rather than a a subnet level as with conventional VLANs.<\/p>\n<p><strong>9.3 Storm Control<\/strong><\/p>\n<p>Storm control allows you to configure actions at a port level based on overall traffic levels seen per port seen by the switch. Below gives you an example based upon\u00a0port\u00a0shutdown should\u00a0the total throughput of\u00a0traffic be broadcast based.<\/p>\n<p class=\"codemulti\">(config-if) storm-control action shutdown<br \/>\n(config-if) storm-control broadcast level 70<\/p>\n<h4><span class=\"ez-toc-section\" id=\"REFERENCES\"><\/span><strong>REFERENCES<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p><a href=\"http:\/\/packetlife.net\/blog\/2010\/may\/3\/port-security\/\">http:\/\/packetlife.net\/blog\/2010\/may\/3\/port-security\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your network. 1. PASSWORDS First of all passwords are configured. One password is used for the enable password and the other will later be assigned to the console &#8230; <a title=\"How to secure your Cisco Catalyst switch\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\" aria-label=\"Read more about How to secure your Cisco Catalyst switch\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to secure your Cisco Catalyst switch - Fir3net<\/title>\n<meta name=\"description\" content=\"Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to secure your Cisco Catalyst switch - Fir3net\" \/>\n<meta property=\"og:description\" content=\"Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2010-08-05T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-30T14:38:43+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"How to secure your Cisco Catalyst switch\",\"datePublished\":\"2010-08-05T00:00:00+00:00\",\"dateModified\":\"2021-07-30T14:38:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\"},\"wordCount\":935,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Cisco Switching\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\",\"url\":\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\",\"name\":\"How to secure your Cisco Catalyst switch - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2010-08-05T00:00:00+00:00\",\"dateModified\":\"2021-07-30T14:38:43+00:00\",\"description\":\"Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Networking\",\"item\":\"https:\/\/www.fir3net.com\/networking\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Switches\",\"item\":\"https:\/\/www.fir3net.com\/networking\/switches\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Cisco Switching\",\"item\":\"https:\/\/www.fir3net.com\/networking\/switches\/cisco-switches\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"How to secure your Cisco Catalyst switch\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to secure your Cisco Catalyst switch - Fir3net","description":"Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html","og_locale":"en_US","og_type":"article","og_title":"How to secure your Cisco Catalyst switch - Fir3net","og_description":"Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your","og_url":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html","og_site_name":"Fir3net","article_published_time":"2010-08-05T00:00:00+00:00","article_modified_time":"2021-07-30T14:38:43+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"How to secure your Cisco Catalyst switch","datePublished":"2010-08-05T00:00:00+00:00","dateModified":"2021-07-30T14:38:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html"},"wordCount":935,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Cisco Switching"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html","url":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html","name":"How to secure your Cisco Catalyst switch - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2010-08-05T00:00:00+00:00","dateModified":"2021-07-30T14:38:43+00:00","description":"Below is a guide to the main areas and features that you should be aware of to ensure that your Cisco Catalyst switch is fully secured within your","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Cisco-Catalyst\/security-on-cisco-catalyst-switches.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Networking","item":"https:\/\/www.fir3net.com\/networking"},{"@type":"ListItem","position":3,"name":"Switches","item":"https:\/\/www.fir3net.com\/networking\/switches"},{"@type":"ListItem","position":4,"name":"Cisco Switching","item":"https:\/\/www.fir3net.com\/networking\/switches\/cisco-switches"},{"@type":"ListItem","position":5,"name":"How to secure your Cisco Catalyst switch"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/482"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=482"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/482\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}