DHCP Snooping, Dynamic ARP Inspection and IP Source Guard

With a client going for an ISO standard which dictates stringent controls over both the external and the internal network resources, I decided to put in some additional controls to ensure confidentiality, integrity and availability of the internal network. As the client uses Cisco hardware on premises, this consisted of a trio of additional measures …

Automated Configuration Backup of Cisco Devices

So we all know backups of servers are pretty important, but what about the network fabric everything runs on? For most readers of this blog we’ve moved away from ‘dumb’ switches that you can connect to the LAN with no concerns about the underlying setup toward more intelligent switches that now perform port security, VLAN isolation …

802.1x MAC Authentication Bypass (MAB) to an NPS Server

Continuing to build on earlier posts where we set up 802.1x to authenticate users and place them in predefined VLANs, then extended this to dynamically assign the VLAN, this post will look at what to do for devices that don't speak 802.1x, such as printers etc. While there is a guest VLAN command for dot1x we could use …

Spamming Spanning-Tree

Recently a client approached me as they regularly had interruptions on their network, which was starting to frustrate them. After a short period of monitoring via PRTG it was clear they were suffering periodic bouts of packet loss on the LAN, which seemed to peak during working hours, and the slowdowns were experienced by …