Use private VLANs.

• Enable BPDU guard.

• Enable trunking manually

• Disable DTP.

• Set the native VLAN to an unused VLAN.

to determine if remote access is enabled

when packets are being dropped from a particular directly attached host

when an end device can reach local devices, but not remote devices

to determine the MAC address of a directly attached network device on a particular interface

There is no ability to provide accountability.

User accounts must be configured locally on each device, which is an unscalable authentication solution.

It is very susceptible to brute-force attacks because there is no username

The passwords can only be stored in plain text in the running configuration.

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

It sends a DHCPNAK and begins the DHCP process over again.

It discards both offers and sends a new DHCPDISCOVER.

It accepts both DHCPOFFER messages and sends a DHCPACK.

Three security violations have been detected on this interface.

• This port is currently up.

The port is configured as a trunk link.

Security violations will cause this port to shut down immediately.

The switch port mode for this interface is access mode.

WEP

WPA Personal

WPA2 Personal

WPA2 Enterprise

The native VLAN number used on any trunk should be one of the active data VLANs.

The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.

Trunk ports should be configured with port security.

Trunk ports should use the default VLAN as the native VLAN number.