Refer to the exhibit. Switch#show etherchannel summary
Yüklə 2,03 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Question 104
|
Double-Tagging attack:
In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the second matches the VLAN of a host it wants to attack (VLAN 20). When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed. Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards out to the Victim computer. Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker. In other words, this attack is only successful if the attacker belongs to the native VLAN of the trunk link. Another important point is, this attack is strictly one way as it is impossible to encapsulate the return packet. To mitigate this type of attack, we can use VLAN access control lists (VACLs, which applies to all traffic within a VLAN. We can use VACL to drop attacker traffic to specific victims/servers); or implement Private VLANs; or keep the native VLAN of all trunk ports different from user VLANs. Question 104 Refer to the exhibit. R1#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is 10.56.0.1 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 10.56.0.1 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.56.0.0/17 is directly connected, Vlan56 L 10.56.0.19/32 is directly connected, Vlan56 C 10.56.128.0/18 is directly connected, Vlan57 L 10.56.128.19/32 i directly connected, Vlan57 When router R1 is sending traffic to IP address 10.56.192.1, which interface or next hop address does it use to route the packet? A. 0.0.0.0/0 B. Vlan57 C. 10.56.0.1 D. 10.56.128.19 Yüklə 2,03 Mb. Dostları ilə paylaş:
|