Private VLANs (PVLAN) prevent layer 2 connectivity between hosts on a switch in the same VLAN/subnet; this provides security and removes the need to re-IP address. This is useful in certain scenarios when it is not desirable for the host machines to be able to communicate with each other, e.g. DMZ or ISP environments… Continue reading CCNP SWITCH: Private VLANs (PVLAN)

CCNP SWITCH: VLAN Trunking Protocol (VTP)

VTP (VLAN Trunking Protocol) is a layer 2 protocol that maintains VLAN configurations, managing additions, deletions and changes of VLANs within a VTP domain. A VTP domain is one switch or multiple connected switches (via a trunk link) that share the same VTP configuration. Only one VTP domain is supported per switch. VTP domain is… Continue reading CCNP SWITCH: VLAN Trunking Protocol (VTP)

CCNP SWITCH: DHCP Snooping and Dynamic ARP Inspection

DHCP Snooping: An attacker could connect a rogue DHCP server to a network and reply to client DHCP requests with an incorrect default gateway and DNS servers, leading to a man-in-the-middle attack that enables the hacker to gain sensitive information such as usernames and passwords. DHCP Snooping can prevent this by trusting the switch port(s) a… Continue reading CCNP SWITCH: DHCP Snooping and Dynamic ARP Inspection

CCNP SWITCH: Portfast, BPDUGuard, RootGuard

Portfast

Enable Portfast per interface:

    Switch(config)# interface range fastethernet 0/1-48
    Switch(config-if)# spanning-tree portfast

Enable Portfast globally on all access ports (NOTE: this will not enable Portfast on a trunk link until you configure “spanning-tree portfast trunk” on the interface):

    Switch(config)# spanning-tree portfast default

Troubleshooting commands:

    Switch# show spanning-tree interface fastethernet 0/4…

Continue reading CCNP SWITCH: Portfast, BPDUGuard, RootGuard

CCNP SWITCH: VLAN Access Control Lists (VACL)

VLAN ACLs (VACLs) provide traffic filtering for all packets within the same VLAN or that are routed into or out of the VLAN, whereas a normal ACL can be applied only to routed packets. VACLs are also known as VLAN access-maps; they are similar to route maps and use route-map conventions in which… Continue reading CCNP SWITCH: VLAN Access Control Lists (VACL)