Configuring all user-access ports to fixed configurations via the switchport access vlan command effectively secures network switches against unauthorized inter-segment traffic manipulation, such as VLAN hopping. This technique reduces the chance of exploitation by forcing each port to carry traffic for a specified VLAN only, not allowing dynamic changes that could permit unauthorized access. In contrast, using the switchport nonegotiate command or dynamic VLAN assignments does not specifically aim at preventing this manipulation and thus is less effective in securing the switches adequately. Setting unused ports to a blackhole VLAN is a good security practice but does not directly prevent unauthorized inter-segment traffic manipulation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is VLAN hopping and how does it relate to switch security?
Open an interactive chat with Bash
What does the switchport access command do?
Open an interactive chat with Bash
Why is setting unused switch ports to a non-routable VLAN important?