In Cisco IOS devices, Layer 2 security features refer to security measures that are applied at the data link layer (layer 2) of the OSI model. Some common Layer 2 security features include:
Port security: This feature allows you to restrict the number of MAC addresses that can be learned on a specific switch port.
Dynamic ARP inspection (DAI): This feature protects against ARP spoofing attacks by inspecting ARP packets and verifying their authenticity.
802.1X authentication: This feature uses the 802.1X standard to authenticate devices connecting to the network.
MAC address filtering: This feature allows you to specify a list of MAC addresses that are authorized to access the network on a specific switch port.
Spanning Tree Protocol (STP) security: This feature helps to prevent unauthorized changes to the network topology and protects against looping in the network.
DHCP snooping: This feature helps to prevent rogue DHCP servers from being introduced into the network.
Link Aggregation Control Protocol (LACP) security: This feature helps to prevent unauthorized links from being aggregated.
These features help to increase the security and stability of a network, and are essential for protecting the network from security threats.
For additional info and configuration of these security features check this article
Layer 2 security features in IOS devices
Please check this Network Simulator w/ Designer for CCNA , provides a virtual lab environment where a router/switch network can be simulated.
Several lab exercises with scenario type labs have been provided for hands-on practice. Router and switch IOS simulator for ease of learning Cisco router/switch commands. Design your own labs using any number of switches and routers.
The labs are intended to give familiarity with the router or switch commands. Example labs can be viewed here.