Chapter 14. Disabling Control Plane Protocols

When control plane policing (CoPP) is not implemented in hardware, it can be worthwhile to disable control plane protocols rather than rely on the software implementation of CoPP. However, this approach is drastic and not always applicable. This chapter explores ways to disable some control plane protocols to reduce a switch's risk exposure.

Configuring Switches Without Control Plane Protocols

As shown in Chapter 12, “Introduction to Denial of Service Attacks,” a control plane in an Ethernet switch consists mainly of the following protocols:

L2 processing. A switch must process and respond to Spanning Tree Protocol (STP), Link Aggregation Control Protocol (LACP), Port Aggregation Protocol (PAgP), IEEE ...
