Overview of attacks & countermeasures
- IP spoofing – IP source guards, PACL
- STP Spoofing – BPDU guard, Root guards
- MAC Spoofing – Port Security , Static CAM table entries
- DHCP Server Spoofing – DHCP Snooping
- ARP Spoofing – ARP inspection (ASA + IPS )
- VLAN Hopping – Disable auto DTP *
- CAM Floods – Port Security , 802.1x
- DHCP Starvation – DHCP Rate limiting
Have you ever wondered what commands were actually in a “show tech” on the Nexus 5000? Well, I did. There seems to be a lot of info in there, and there really is. I compiled a list of commands that a show tech runs on a Nexus 5000 and have listed them below. Enjoy!
In the following table you see descriptions and causes of error counters
Many times we (network engineers) hear the complaint “the network is working, but it is terribly slow”. This is often one user’s perception of a perfectly working network however, other times there is something to the complaint. One thing to check is if that particular user’s switchport is reporting any errors. Let’s take a look at the error counters on a typical switchport.
Recently, while trying to enable proxy arp on an interface, I noticed the presence of the sub interface command ‘ip local-proxy-arp’. I was a little puzzled and the googling I did didn’t help me get a better understanding of the concept. Bewildered, I turned to my favorite network forum, networking-forum.com and asked if someone could help out with an explanation…
When you starting talking about DMVPN you’ll typically hear it being described as a Phase I, II, or III type DMVPN network, so let’s quickly discuss the differences between these three DMVPN phases: