

Why aren't security features on Cisco switches used?

Posted on 2011-10-13
Medium Priority
Last Modified: 2012-05-12
I have not seen any of these security features implemented: Dynamic ARP inspection, DHCP snooping, IP source guard, root guard, 802.1x, port security.

BPDU guard and port channel misconfiguration and of course TACACS and SSH are commonly used.

We learn about them in the CCNA and CCNP, but everywhere I go it seems that they are not used.

Maybe other companies use them but I have not seen them used.
Question by:Dragon0x40
LVL 26

Accepted Solution

Soulja earned 500 total points
ID: 36964189
Many companies use DHCP Snooping and it's recommended to do so. Many companies use port security too. 802.1x is not used in many places, but is starting to gain ground in company deployment. I am currently engrossed in an 802.1x project right now.

I think it's just that you haven't seen them used.

Assisted Solution

akalbfell earned 500 total points
ID: 36964393
I agree with you, Dragon; you don't see those types of features turned on nearly as much as they should be. People do make sure they turn on features like port fast though (usually after a computer fails to pull an IP or a user complains about slowness).
My only answer would be there are a lot of either lazy or incompetent people out there. If it doesn't fall under the category "necessary to get everything working correctly" it gets back burnered or never done.

They will learn their lesson when someone plugs in a switch and the network seizes up.
LVL 12

Assisted Solution

jjmartineziii earned 500 total points
ID: 36964812
It's because people aren't properly trained on how to set them up.

In addition, enabling those features increases the complexity of the network. If your organization that is using these switches doesn't have the staff to manage them, they can be more work than they are useful.

Assisted Solution

ipajones earned 500 total points
ID: 36967536
Echoing what @jjmartineziii has said really. You often find that many spanning tree stability mechanisms such as loop guard, root guard and UDLD are not used either. Generally I think because people are simply not aware of them or how/why to use them. The same applies to DHCP snooping (although to a lesser extent), Dynamic ARP Inspection and IP source guard. Switchport port security though is often used, although I've never seen dot1x port authentication implemented.
