IP Source Guard Questions

November 16th, 2019

Question 1

Explanation

IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host’s IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/ipsrcgrd.html
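
The filtering decision described in the explanation, as an added example that is not part of the original page or of Cisco's implementation. It is a simplified, IP-only model; the class and function names, port names, VLAN and addresses are constructed, and letting DHCP client packets through before a binding exists is an assumption of the model.

```python
class SourceGuardModel:
    """Toy model of the per-port source IP filter (IP-only check, no MAC check)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # uplinks / DHCP server ports, not filtered
        self.bindings = {}                 # (port, vlan) -> set of permitted source IPs

    def add_static_binding(self, port, vlan, ip):
        """Administrator-entered binding for a host that does not use DHCP."""
        self.bindings.setdefault((port, vlan), set()).add(ip)

    def snoop_dhcp_ack(self, ingress_port, client_port, vlan, leased_ip):
        """Learn a dynamic binding, but only from an ACK seen on a trusted port."""
        if ingress_port not in self.trusted:
            return False                   # server reply on an untrusted port: ignored
        self.bindings.setdefault((client_port, vlan), set()).add(leased_ip)
        return True

    def permit(self, port, vlan, src_ip, is_dhcp=False):
        """Forwarding decision for one frame arriving on `port`."""
        if port in self.trusted:
            return True
        if is_dhcp:
            return True                    # assumption: lets a host obtain its lease
        return src_ip in self.bindings.get((port, vlan), set())


def run_constructed_scenario():
    """Constructed traffic: one DHCP host, one static host, one spoofing port."""
    sw = SourceGuardModel(trusted_ports={"Gi1/0/24"})
    sw.add_static_binding("Gi1/0/3", 10, "10.0.10.50")
    r = {}
    r["before_lease"] = sw.permit("Gi1/0/1", 10, "10.0.10.11")
    r["dhcp_discover"] = sw.permit("Gi1/0/1", 10, "0.0.0.0", is_dhcp=True)
    r["ack_learned"] = sw.snoop_dhcp_ack("Gi1/0/24", "Gi1/0/1", 10, "10.0.10.11")
    r["legit_host"] = sw.permit("Gi1/0/1", 10, "10.0.10.11")
    r["spoof_from_other_port"] = sw.permit("Gi1/0/2", 10, "10.0.10.11")
    r["rogue_ack_learned"] = sw.snoop_dhcp_ack("Gi1/0/2", "Gi1/0/2", 10, "10.0.10.99")
    r["after_rogue_ack"] = sw.permit("Gi1/0/2", 10, "10.0.10.99")
    r["static_host"] = sw.permit("Gi1/0/3", 10, "10.0.10.50")
    r["static_wrong_ip"] = sw.permit("Gi1/0/3", 10, "10.0.10.51")
    return r


if __name__ == "__main__":
    for name, allowed in run_constructed_scenario().items():
        print(f"{name:24} {'permit' if allowed else 'deny'}")
```

The same source address is permitted on the port it is bound to and dropped on every other untrusted port, which is the impersonation case the feature is meant to stop.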

Question 2

Question 3

Question 4

Question 5

Question 6

Comments
  1. suntzu
    February 15th, 2020

    @Burìk
    November 1st, 2019
    Q2
    A is wrong, answer is E.

    BPDUguard makes it so that when an interface receives a BPDU, that interface goes into err-disable mode, so that you can’t just go to a wall plug and plug a rogue switch in or any other device that will allow you to execute a man-in-the-middle attack. The following command globally activates BPDU Guard on all interfaces with Portfast enabled, so the “campus-wide” requirement is also fulfilled:
    (config)#spanning-tree portfast bpduguard

    That’s only for switches, not laptops or whatever else.