MAC addresses flooding
Simulate a large number of source MAC addresses to fill the Mac table of the switch
You can solve this problem through port security.
VLAN hopping
Access other VLANs by changing the VLAN-id of Packet
Strictly set which VLANs are allowed by the trunk and put unused ports in the common VLAN (that is, vlan1)
Attacks between devices on a common VLAN
Devices belonging to the same VLAN can also attack each other.
Solve the problem through pvlan
DHCP starvation
Attackers send numerous DHCP requests. Come on, and the address in the DHCP server address pool is exhausted.
Solve with DHCP snooping
STP compromises
Attackers set their own bridge priority to the maximum, and thus become the bridge root.
Manually set bridge priority to 0, and set a backup root to enable root guard.
Mac spoofing/ARP Spoofing
The attacker changed his MAC address to the target MAC address, so that the attacker could receive the data.
Manually bind the MAC address and interface, or ARP Inspection
CDP manipulation
Because CDP information is in plain text, attackers can capture its information.
Disable CDP on interfaces that do not need to run CDP.
SSH and telnet attacks
SSH and telnet attacks
Use SSH v2 and access-class for telnet