14.2. Securing Layer 2
You can implement some techniques and features to mitigate the dangers of DHCP, MAC, and ARP spoofing. The following features can be configured to guard against these threats:
Dynamic ARP inspection (DAI)
Dangers from an attacker who hops VLANs and creates security vulnerabilities can be controlled through proper configuration of ports and trunks. The features that can be configured to aid in protecting against these threats include:
Private VLANs (PVLANs)
VLAN access control lists (VACLs)
14.2.1. Port Security
Port Security is a super useful and powerful feature supported on Cisco switches that restricts a switch port to a specific set or number of MAC addresses. By specifying the number of MAC ...