Chapter 7. Switch Security Features
Traditional security focuses on the network perimeter, with devices such as firewalls, and on mitigating Layer 3 attacks. However, networks must also be protected against Layer 2 attacks. These are typically launched from inside the network, by either a rogue device or a legitimate device that has been compromised. Rogue devices might be placed maliciously or connected innocently by a well-intentioned employee. For instance, someone wanting more connections might add an access switch or wireless access point to a port in their office. The switch might then become the Spanning Tree root bridge and disrupt user traffic.
The following are four common types of attacks against a switched network:
MAC address-based attacks: ...