Above is a visual of Private VLANs and how they can communicate with each other; however, this is going to be a lot of Switch security, so let's get to it. Port Security troubleshooting: Some common issues that can cause Port Security not to work: Port Security is configured but not enabled - This is … Continue reading TSHOOT – Port Security, DHCP Snooping, IP Source Guard, DAI, Protected Ports, Private VLANs, and VACL Troubleshooting!
IP Source Guard is similar to Dynamic ARP Inspection in that it maps IP Addresses to certain criteria that must match or packets will be dropped; however, it is configured solely on the interfaces and ties the IP Address of the device off that interface to its ip source verify table. You can … Continue reading Quick IP Source Guard Review, and how it differs from DAI (slightly) for exam day!
Some quick notes from labbing tonight that I thought are good to know for Exam day. This will all be very messy crap with output behaviors, no editing out to make it look nice! ALSO one important note I keep forgetting - It is for PRIVATE VLANS that VTP and neighbors hosting Private VLAN must … Continue reading Quick Takeaways from DHCP Snooping / Dynamic ARP Inspection / VLAN Access-List labbing session and misc tips for Exam Day success!
The above Topology perfectly (sort of) shows why Dynamic ARP Inspection exists! Dynamic ARP Inspection exists to protect against the possibility of what can happen in the above Topology if Host B (Man in the Middle) gets a copy of an ARP request for a Data Server on the network, then sets its own IP Address … Continue reading Dynamic ARP Inspection (DAI) – Fundamentals, configuration, ARP ACL config, Verification, and lots of details!