Finished working through Security
I have not been able to update my progress as quickly as I would have liked. Work has been busy, along with personal commitments.
So I think I have covered security for right now and have a few things to review.
Still working through Security
I have been humming along through the security section on the blueprint and IE’s workbooks. My goal is to be very fluent with the common security configurations like reflexive ACLs, dynamic ACLs, etc. before my lab.
Common Security Configurations
I am working through IE’s Vol 1 security section and it has been great so far. I have done this before but never went through it in such detail. The very first task is related to permitting certain types of traffic while denying and logging the rest.
Zooming in on Security
After attempting 4 IE Mock labs and various IE Vol 2 labs, I have a good understanding of my weaknesses. During the next month or so I plan on isolating these sections and will be labbing them up day and night.
How to re-enable an Errdisable port?
September 25, 2008 by CCIETalk
Filed under Bridging & Switching, Security
So you have configured port-security on one of your ports, and we all know that by default, if a violation occurs, the port will be put in shutdown-errdisable mode. One way to get the port back up is to do a manual shut-noshut on it. In today’s world, this might become an administrative nightmare.
Configuring IEEE 802.1x Port-Based Authentication
The IEEE 802.1x standard defines a client-server-based access control and authentication protocol that prevents unauthorized clients from connecting to a LAN through publicly accessible ports unless they are properly authenticated. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.
Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.
Port-Based Traffic Control
The Catalyst 3550/3560 offers port-based traffic control that can be implemented in various ways.
- Storm Control
- Protected Ports
- Port Blocking
- Port Security
Storm Control:
Storm control prevents traffic on a LAN from being disrupted by a broadcast, a multicast, or a unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in the network configuration, or users issuing a denial-of-service attack can cause a storm.






