Private VLANs and PVLAN Edge

Overview of attacks & countermeasures

  • IP Spoofing – IP Source Guard, PACL
  • STP Spoofing – BPDU Guard, Root Guard
  • MAC Spoofing – Port Security, static CAM table entries
  • DHCP Server Spoofing – DHCP Snooping
  • ARP Spoofing – ARP inspection (ASA + IPS)
  • VLAN Hopping – Disable auto DTP *
  • CAM Floods – Port Security, 802.1x
  • DHCP Starvation – DHCP rate limiting


ip local-proxy-arp

Recently, while trying to enable proxy ARP on an interface, I noticed the presence of the sub interface command ‘ip local-proxy-arp’. I was a little puzzled, and the googling I did didn’t help me get a better understanding of the concept. Bewildered, I turned to my favorite network forum, networking-forum.com, and asked if someone could help out with an explanation…

How the DHCP AutoInstall Process Works

AutoInstall using DHCP allows for the configuration of a new Cisco router using Ethernet, Token Ring, and FDDI interfaces (the AutoInstall process using serial line interfaces remains unchanged from previous releases).

Note: The term “router” is used in the following process to represent any supported Cisco device (including, for example, Access Servers).
