Category: SENSS

Dynamic ARP Inspection (DAI)

Dynamic ARP Inspection (DAI) has the following characteristics:
– Enable DHCP snooping first (DAI validates ARP packets against the DHCP snooping binding table)
– Create an ARP ACL for hosts with static IPs
– By default all ports are untrusted when the feature is enabled
– 15 pps rate limit for untrusted ports by default

    ip arp inspection vlan 13
    interface GigabitEthernet1/0/33
     ip arp inspection trust
    interface GigabitEthernet1/0/34
     ip arp inspection limit rate 10
    arp access-list TEST-ARP-ACL
     permit ip host 10.10.10.10 mac AAAA.BBBB.CCCC 0.0.0
    ip arp inspection filter TEST-ARP-ACL vlan 13
    errdisable recovery cause arp-inspection
    errdisable recovery…


Configuring SNMPv3 in Cisco devices

Cisco Router (the ACL restricts which management stations may poll the device):

    access-list 10 permit 172.16.20.12
    access-list 10 permit 172.16.20.10
    snmp-server engineID local 1234567890
    snmp-server group Snmp3ReadGroup v3 priv access 10
    snmp-server user Snmp3User Snmp3ReadGroup v3 auth sha Snmp3UserHash priv aes 128 Snmp3UserEnc

Cisco ASA:

    snmp-server group Snmp3ReadGroup v3 priv
    snmp-server user Snmp3User Snmp3ReadGroup v3 encrypted auth sha Snmp3UserHash priv aes 128 Snmp3UserEnc
    snmp-server host-group outside SNMP-SERVERS poll version 3 Snmp3User

Source Guard

Cisco Switch IP Source Guard has the following features:
– Allows DHCP traffic by default
– Enable DHCP snooping first (the DHCP snooping binding table is what Source Guard checks against)
– Create IP source binding entries for hosts with static IPs
– No ARP policing on trusted ports

    interface GigabitEthernet1/0/33
     ip verify source port-security
    ip source binding AAAA.BBBB.CCCC vlan 13 10.10.10.10 interface GigabitEthernet1/0/33
    show ip verify source
    show ip source binding

VLAN Access-List (VACL) in Cisco Switch

To create VLAN access-lists, the following steps are required:
a. Create MAC/IP ACLs based on requirements
b. Combine the created ACLs under a vlan access-map and indicate the action (drop/forward) for each
c. Do not forget to allow all other traffic with a permit-all ACL, since a VACL has an implicit deny at the end
d. Apply the access-map to the VLAN with the vlan filter command

    mac access-list extended TEST-MAC-VACL
     permit host 0000.1234.5678 any
    ip access-list extended PERMIT-VACL
     permit ip any any
    ip access-list extended TEST-VACL
     permit tcp host 10.0.0.1 any eq 345
     permit udp host 10.0.0.1 any eq…


Switch Port Security

Configuring Port Security on a Cisco Catalyst 3750 Switch:

    interface GigabitEthernet1/0/33
     description test interface
     switchport access vlan 13
     switchport mode access
     switchport port-security maximum 50
     switchport port-security violation restrict
     switchport port-security mac-address sticky
     switchport port-security

DHCP Snooping

DHCP Snooping in Cisco Switch – By default all ports are untrusted when the feature is enabled; only the port towards the legitimate DHCP server is marked trusted.

    ip dhcp snooping
    ip dhcp snooping database flash:/snoopy.db
    ip dhcp snooping vlan 18
    interface GigabitEthernet1/0/33
     ip dhcp snooping limit rate 10
     ip dhcp snooping trust
    show ip dhcp snooping
    show ip dhcp snooping binding
    more flash:/snoopy.db