[c-nsp] Equipment for a large-ish LAN event
Roland Dobbins
rdobbins at arbor.net
Tue Dec 8 23:40:12 EST 2015
On 9 Dec 2015, at 8:19, Laurent Dumont wrote:
> arp-inspection
DAI is a self-defeating misfeature which can result in a self-DoS of the
switch. Don't enable it!
DHCP Snooping and IP Source Guard are very useful anti-spoofing
mechanisms, and should be enabled on the access ports.
Also, Root Guard, Loop Guard, and BPDU-Guard should be enabled in a
situationally-appropriate manner.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the cisco-nsp
mailing list