Switch

A switch forwards frames within a LAN at layer 2 using a MAC address table. Classic layer-2 attacks include MAC flooding (overflowing the table to force hub-like broadcasting) and ARP poisoning (to set up man-in-the-middle). Defenses include 802.1X port authentication, port security, DHCP snooping, dynamic ARP inspection, and VLANs.