WDS Transparent Mode, DrayTek Inter-LAN Firewalls and some interesting observations!

A client required isolated networks for factory hardware but their infrastructure, many basic NetGear switches, did not support VLAN separation (my original hope was to use the DrayTek default gateway for inter-VLAN routing). This required some 'thinking outside of the box' and resulted in a design that made use of a DrayTek to isolate the … Continue reading WDS Transparent Mode, DrayTek Inter-LAN Firewalls and some interesting observations!

CCDA Design – Key Things I learned

Following on from a recent CCNA Security pass I decided while I was in the swing of things to keep going with my studies and work towards the CCDA Design qualification which thankfully I passed. From my perspective this was a slightly more difficult exam than the CCNA R&S and the CCNA Security exams due … Continue reading CCDA Design – Key Things I learned

DHCP Snooping, Dynamic ARP Inspection and IP Source Guard

With a client going for an ISO standard which dictates stringent controls over both the external and the internal network resources I decided to put in some additional controls to ensure confidentiality, integrity and availability of the internal network. As the client uses Cisco hardware on premise, this consisted of a trio of additional measures … Continue reading DHCP Snooping, Dynamic ARP Inspection and IP Source Guard

802.1x MAC Authentication Bypass (MAB) to an NPS Server

Continuing to build on earlier posts where we setup 802.1x to authenticate users and place them in predefined VLANs, then extended this to dynamically assign the VLAN, this post will look at what to do for devices that don't speak 802.1x such as printers etc. While there is a guest VLAN command for dot1x we could use … Continue reading 802.1x MAC Authentication Bypass (MAB) to an NPS Server