Above is a visual of Private VLANs and how they can communicate with each other, however this is going to be a lot of Switch security, so lets get to it. Port Security troubleshooting Some common issues that can cause Port Security not to work: Port Security is configured but not enabled - This is … Continue reading TSHOOT – Port Security, DHCP Snooping, IP Source Guard, DAI, Protected Ports, Private VLANs, and VACL Troubleshooting!
IP Source Guard is similar to Dynamic ARP Inspection in the way that it maps IP Addresses to certain criteria that must match or packets will be dropped, however this is configured solely on the interfaces and ties the IP Address of the device off that interface to its ip source verify table. You can … Continue reading Quick IP Source Guard Review, and how it differs from DAI (slightly) for exam day!
Some quick notes from labbing tonight that I thought is good to knows for Exam day, this will all be very messy crap with output behaviors, no editing out to make it look nice! ALSO one important note I keep forgetting - It is for PRIVATE VLANS that VTP and neighbors hosting Private VLAN must … Continue reading Quick Takeaways from DHCP Snooping / Dynamic ARP Inspection / VLAN Access-List labbing session and misc tips for Exam Day success!
(I did actually plug in a Rogue server for the sake of time this lab, but its there!) Consider the above Topology, and how DHCP works from the Client side, that the Client accepts the first DHCP Offer message it receives - What if a Rogue DHCP Server is placed on the network segment with … Continue reading DHCP Snooping – Fundamentals, Design Issues explained, Config / Verification output demonstrated, other misc info!