L2 security…


Been reading the study guide about L2 security. You can really mess up a whole network very simply, and you can basically take down the whole thing pretty easily if your switches are not configured correctly. There were also a lot of things about IP spoofing and ARP spoofing. Pretty nifty stuff, and you can secure your network a lot by making some pretty basic choices and executing them all over your network.

A non-intrusive command like “ip dhcp snooping”, executed in global mode, followed by “ip dhcp snooping trust” on the interface pointing towards your DHCP server, will set you up with a pretty good baseline to configure your network security around. Both IP Source Guard and Dynamic ARP Inspection use the binding table that DHCP snooping builds to make smart choices about “good” and “bad” traffic on your network.
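To show how that one table drives all three decisions, here is a small Python model. It is an added example, not from the original post or the study guide, and not vendor code. The class and method names, MACs, IPs and port names are all constructed, and it assumes one trust setting shared by all three features, whereas real switches configure Dynamic ARP Inspection trust separately.

```python
# Simplified model (assumption: not how any vendor implements it).
class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports set with "ip dhcp snooping trust"
        self.pending = {}                  # (vlan, mac) -> port the request came in on
        self.bindings = {}                 # (vlan, mac) -> (ip, port): the binding table

    def dhcp_request(self, port, vlan, mac):
        self.pending[(vlan, mac)] = port
        return "forward"

    def dhcp_ack(self, port, vlan, client_mac, ip):
        # DHCP server messages are accepted only on trusted ports.
        if port not in self.trusted:
            return "drop"
        client_port = self.pending.pop((vlan, client_mac), None)
        if client_port is not None:
            self.bindings[(vlan, client_mac)] = (ip, client_port)
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip):
        # Dynamic ARP Inspection: sender MAC/IP must match a binding on this port.
        if port in self.trusted:
            return "forward"
        match = self.bindings.get((vlan, sender_mac)) == (sender_ip, port)
        return "forward" if match else "drop"

    def ip_packet(self, port, vlan, src_ip):
        # IP Source Guard: source IP must be one leased to a client on this port.
        if port in self.trusted:
            return "forward"
        ok = any(k[0] == vlan and v == (src_ip, port)
                 for k, v in self.bindings.items())
        return "forward" if ok else "drop"

def run_demo():
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})  # Gi0/1 faces the DHCP server
    host = "aa:aa:aa:aa:aa:01"                    # constructed sample values
    r = {}
    sw.dhcp_request("Gi0/10", 10, host)
    r["rogue_ack"] = sw.dhcp_ack("Gi0/11", 10, host, "10.0.10.66")
    r["real_ack"] = sw.dhcp_ack("Gi0/1", 10, host, "10.0.10.50")
    r["good_arp"] = sw.arp("Gi0/10", 10, host, "10.0.10.50")
    r["spoofed_arp"] = sw.arp("Gi0/11", 10, "aa:aa:aa:aa:aa:02", "10.0.10.1")
    r["good_ip"] = sw.ip_packet("Gi0/10", 10, "10.0.10.50")
    r["spoofed_ip"] = sw.ip_packet("Gi0/11", 10, "10.0.10.50")
    return r

if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:12} {verdict}")
```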

I will be doing up some labs on it all tomorrow, to see how it actually pans out on the switches. And then it's off for the weekend. Will probably only do a few hours reading this weekend, but then I should be well on my way to finishing the study guide.

On a side note, the cellular network I spoke of yesterday is still not up and running fully. Must have been a big failure, but I'm sure TDC is working around the clock to make sure it's coming back online.