
Posts

Showing posts from July, 2022

VPC in Cisco Nexus and Failover scenarios.

EtherChannel is the technology that bundles multiple physical links into a single logical link on a switch. Spanning tree then sees one logical port ID instead of several physical port IDs, so all member ports stay in the forwarding state and carry traffic without creating a loop in the network. An EtherChannel can be configured either statically or dynamically. A static EtherChannel is built by manually binding the physical ports into one logical port; this is not recommended because neither side is aware of the state of the other end's physical ports, so a miscabled or misconfigured member is not detected. LACP (Link Aggregation Control Protocol) and PAgP (Port Aggregation Protocol) are the two dynamic protocols. LACP is the IEEE standard (802.3ad, later moved to 802.1AX) and PAgP is Cisco proprietary; LACP is the most commonly used in practice. It negotiates with the other end of the links and forms the port-channel only once the required parameters (speed, duplex, VLAN and trunking settings) match on both ends. We can bind max 16 ports to a si

What is ARP and different types of ARP.

ARP stands for Address Resolution Protocol. It maps an IP address (the logical, network-layer address) to a MAC address (the physical, data-link-layer address), that is, it resolves a 32-bit IPv4 address to a 48-bit MAC address. Because it sits between the two layers, ARP is often described as a "layer 2.5" protocol. ARP is crucial for delivering traffic to the end host. Assume a 24-port Layer 3 capable switch with an SVI configured with IP 192.168.1.1 and subnet mask 255.255.255.0, and four users connected to ports 2 to 5: the host on port 2 is user 2, the host on port 3 is user 3, and so on. The host on port 2 is configured with IP 192.168.1.2, the host on port 3 with IP 192.168.1.3, and so on. If user 2 needs to send data to user 3, user 2's host requires both the IP address and the MAC address of user 3; without either of these there would be no c

Layer 2 Security Feature : Dynamic ARP inspection

We all know how ARP works and how important it is for delivering traffic to the end host: it translates an IP address to a MAC address. Before looking at Dynamic ARP Inspection we need to understand ARP poisoning, a man-in-the-middle attack that works by poisoning the ARP cache. IP-to-MAC mappings are stored in the ARP cache of every host, switch and router, and a host updates its cache from any ARP reply it receives, whether it asked for it or not. An attacker can poison the caches of the hosts on the segment by sending ARP replies that bind his own MAC address to the default gateway's IP address, so all the users' traffic is redirected to the attacker's laptop: a successful man-in-the-middle attack. Dynamic ARP Inspection intercepts ARP requests and replies arriving on untrusted ports and validates the sender IP-to-MAC pair in each packet against the DHCP snooping binding database; packets that do not match are dropped. Ports towards the legitimate gateway and other switches are configured as trusted, and hosts with static addresses (which never appear in the snooping table) must be covered by ARP ACLs. Yesterday I explained DHCP snooping, so you can look at that article to see how it works. It records each assigned IP with the client's MAC address in the DHCP snooping binding table, so ARP inspection uses the DHCP snooping database to find the correct IP to MAC address mapping
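The ARP exchange from the previous post and the inspection described here, as an added example that is not code from the original blog: it builds and parses Ethernet/ARP frames, shows how an unprotected host blindly learns from a forged reply, and models the DAI decision (trusted ports bypass; on untrusted ports the sender MAC/IP pair must match a DHCP snooping binding in the VLAN, and with src-mac validation the frame's source MAC must equal the ARP sender MAC). The binding table, the port names and the MAC and IP addresses are constructed test data, and the check is a simplified model of the feature, not any vendor's implementation.

```python
"""ARP frame build/parse and a Dynamic ARP Inspection (DAI) style check.

Added example, not code from the original post. The binding table, the
trusted-port set and the MAC/IP addresses are constructed test data; the
check is a simplified model of DAI (validate against the DHCP snooping
bindings, plus src-mac validation), not a vendor implementation.
"""
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Arp:
    op: int
    sha: str  # sender hardware (MAC) address
    spa: str  # sender protocol (IPv4) address
    tha: str  # target MAC (all zeros in a request)
    tpa: str  # target IPv4 address


def mac2b(m: str) -> bytes:
    return bytes.fromhex(m.replace(":", ""))


def b2mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip2b(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def b2ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(a: Arp, eth_src: str = "") -> bytes:
    """Ethernet II header + 28-byte ARP body (IPv4 over Ethernet).
    eth_src lets a test send a body whose sender MAC differs from the
    frame's source MAC, which is exactly what src-mac validation catches."""
    eth_dst = BROADCAST if a.op == ARP_REQUEST else a.tha
    eth = mac2b(eth_dst) + mac2b(eth_src or a.sha) + struct.pack("!H", ETH_P_ARP)
    body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, a.op)
            + mac2b(a.sha) + ip2b(a.spa) + mac2b(a.tha) + ip2b(a.tpa))
    return eth + body


def parse_arp(frame: bytes):
    """Return (Ethernet source MAC, Arp). Raises ValueError on bad input."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError("unsupported ARP header")
    b = frame[22:42]
    return b2mac(frame[6:12]), Arp(op, b2mac(b[0:6]), b2ip(b[6:10]), b2mac(b[10:16]), b2ip(b[16:20]))


# Constructed DHCP snooping binding table: sender IP -> (MAC, VLAN).
# The gateway 192.168.1.1 is statically addressed, so it never appears here;
# it is reached through the trusted uplink instead.
BINDINGS = {
    "192.168.1.2": ("00:11:22:33:44:02", 10),
    "192.168.1.3": ("00:11:22:33:44:03", 10),
}
TRUSTED_PORTS = {"Gi1/0/24"}  # constructed uplink towards the router


def dai_inspect(frame: bytes, ingress_port: str, vlan: int = 10,
                bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Decide whether an ARP frame is forwarded. Trusted ports bypass
    inspection; on untrusted ports the Ethernet source must equal the ARP
    sender MAC and the sender MAC/IP pair must match a binding in this VLAN."""
    if ingress_port in trusted:
        return True, "trusted port, not inspected"
    try:
        eth_src, a = parse_arp(frame)
    except ValueError as e:
        return False, f"dropped: {e}"
    if eth_src != a.sha:  # src-mac validation
        return False, f"dropped: src-mac {eth_src} != sender {a.sha}"
    bound = bindings.get(a.spa)
    if bound is None:
        return False, f"dropped: no snooping binding for {a.spa}"
    mac, bvlan = bound
    if mac != a.sha or bvlan != vlan:
        return False, f"dropped: {a.spa} is bound to {mac} in VLAN {bvlan}"
    return True, "forwarded"


def host_cache_update(cache: dict, frame: bytes) -> dict:
    """What an unprotected host does: learn from any ARP reply it receives."""
    _, a = parse_arp(frame)
    if a.op == ARP_REPLY:
        cache[a.spa] = a.sha
    return cache
```

A forged reply claiming 192.168.1.1 from an untrusted access port is dropped because the gateway has no snooping binding, while the same reply over the trusted uplink passes; `host_cache_update` shows why the drop matters, since a host that did receive the forged reply would silently overwrite its gateway entry.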

Layer 2 Security Features: DHCP SNOOPING

DHCP snooping is a Layer 2 security feature. It is applied on the access-layer switches that directly serve the end hosts. DHCP snooping mitigates attacks in which a rogue DHCP server assigns IP addresses to the end hosts, and it is usually required to meet the organisation's security compliance. Two scenarios of such an attack are discussed below. In Scenario 1 the user has no intention of attacking the network; in Scenario 2 an attacker is attempting to steal information. Scenario 1: Company A has a strict policy that employees' personal laptops must not be connected to the network. User A, who recently joined the organisation, was not aware of the policy and connected his laptop to the network. Because the laptop was configured as a DHCP server, it immediately started responding to DHCP messages from other hosts and assigning IP addresses from the core network range, which led to a major outage of the network because those IP add
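The port-trust logic that stops Scenario 1, as an added example that is not code from the original blog: DHCP messages are modelled by the few fields snooping looks at (message type, frame source MAC, client hardware address, assigned address, lease), server messages (OFFER, ACK, NAK) are dropped on untrusted ports, client messages whose chaddr does not match the frame's source MAC are dropped, and a binding is created only when a real server's ACK arrives over a trusted port for a client that asked from an untrusted port. All port names, MACs and addresses are constructed test data.

```python
"""DHCP snooping port-trust logic and binding-table construction.

Added example, not code from the original post. Messages are modelled as a
small dataclass (only the fields snooping inspects) instead of full DHCP
packets, and every port name, MAC and address used is constructed test data.
"""
from dataclasses import dataclass

# DHCP message types (option 53)
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = 1, 2, 3, 4, 5, 6, 7
SERVER_MESSAGES = {OFFER, ACK, NAK}


@dataclass
class DhcpMsg:
    msg_type: int
    eth_src: str            # source MAC of the Ethernet frame
    chaddr: str             # client hardware address inside the DHCP payload
    yiaddr: str = "0.0.0.0"  # address offered/assigned (server messages only)
    lease: int = 0          # option 51, seconds


class DhcpSnooping:
    """One VLAN's snooping state: trusted ports, pending requests, bindings."""

    def __init__(self, vlan: int, trusted_ports):
        self.vlan = vlan
        self.trusted = set(trusted_ports)
        self.pending = {}   # chaddr -> untrusted port the client asked from
        self.bindings = {}  # chaddr -> {"ip", "vlan", "port", "lease"}

    def process(self, msg: DhcpMsg, port: str):
        """Return (forward?, reason) for a DHCP message seen on `port`."""
        if port in self.trusted:
            # Server side: an ACK for a client we saw asking creates a binding
            # on the client's access port; a NAK clears the pending request.
            if msg.msg_type == ACK and msg.chaddr in self.pending:
                self.bindings[msg.chaddr] = {
                    "ip": msg.yiaddr, "vlan": self.vlan,
                    "port": self.pending.pop(msg.chaddr), "lease": msg.lease}
            elif msg.msg_type == NAK:
                self.pending.pop(msg.chaddr, None)
            return True, "trusted port"
        # Untrusted port: only client messages, and only honest ones.
        if msg.msg_type in SERVER_MESSAGES:
            return False, f"server message on untrusted port {port}"
        if msg.eth_src != msg.chaddr:  # MAC address verification
            return False, "chaddr does not match frame source MAC"
        if msg.msg_type in (DISCOVER, REQUEST):
            self.pending[msg.chaddr] = port
            return True, "client message forwarded"
        if msg.msg_type in (RELEASE, DECLINE):
            b = self.bindings.get(msg.chaddr)
            if b is None or b["port"] != port:
                return False, "release/decline for a binding not owned by this port"
            del self.bindings[msg.chaddr]
            return True, "binding removed"
        return True, "client message forwarded"
```

The resulting `bindings` table (client MAC, IP, VLAN, port, lease) is the database that Dynamic ARP Inspection and IP Source Guard consult later, which is why snooping has to be enabled before either of those features is useful.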

What is Netflow and how it works

NetFlow is a mechanism for collecting network flows. It was developed by Cisco (the version 9 format was later generalised into the IETF IPFIX standard) and collects, per flow, the source and destination IP addresses and ports together with the packets and bytes the flow consumed; the collected flow records are exported to a NetFlow collector. The collector is the server running the analysis application, for example SolarWinds or LogicMonitor. The traffic is one-way: the routers or switches configured with NetFlow push the flow records to the collector when the timers set on the device expire (the active and inactive cache timeouts). Unlike SNMP there is no polling initiated from the server side and no trap-like alert; the device simply exports. Flexible NetFlow configuration is divided into three parts: the flow record, the flow exporter and the flow monitor. As the name suggests, the flow record defines what information NetFlow gathers for a flow: the key fields that identify the flow, the packet and byte counters, and the other non-key fields gathered per flow. A flow record is the combination of the “match” and “collect
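What a collector actually receives, as an added example that is not code from the original blog: the Flexible NetFlow "match"/"collect" record above is a configuration, so this block shows the export side using the classic fixed NetFlow v5 layout (24-byte header, up to thirty 48-byte records per UDP datagram), builds a datagram from constructed flows, parses it back strictly, and runs the kind of detection a collector does, flagging a source that opened many tiny flows to different ports on one host. The flows and addresses are constructed test data.

```python
"""Build and parse NetFlow v5 export datagrams and run a simple analysis.

Added example, not code from the original post. Uses the classic fixed
NetFlow v5 export format (24-byte header, 48-byte records); all flows and
addresses below are constructed test data.
"""
import struct
from collections import defaultdict
from ipaddress import IPv4Address

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
FIELDS = ("src", "dst", "nexthop", "in_if", "out_if", "packets", "bytes",
          "first", "last", "sport", "dport", "pad1", "tcp_flags", "proto",
          "tos", "src_as", "dst_as", "src_mask", "dst_mask", "pad2")


def build_v5(flows, seq=0, uptime_ms=120_000, unix_secs=1_656_633_600) -> bytes:
    """flows: dicts with whichever FIELDS keys matter; the rest default to 0."""
    flows = list(flows)
    if len(flows) > 30:
        raise ValueError("a v5 datagram carries at most 30 records")
    out = V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, seq, 0, 0, 0)
    for f in flows:
        rec = dict.fromkeys(FIELDS, 0)
        rec.update(f)
        for k in ("src", "dst", "nexthop"):
            rec[k] = IPv4Address(rec[k] or "0.0.0.0").packed
        out += V5_RECORD.pack(*(rec[k] for k in FIELDS))
    return out


def parse_v5(data: bytes):
    """Return (header dict, list of record dicts); strict on version/length."""
    if len(data) < V5_HEADER.size:
        raise ValueError("short header")
    version, count, uptime, secs, _nsecs, seq, _etype, _eid, sampling = V5_HEADER.unpack_from(data)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    header = {"count": count, "uptime_ms": uptime, "unix_secs": secs,
              "flow_sequence": seq, "sampling": sampling & 0x3FFF}
    records = []
    for i in range(count):
        raw = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        rec = dict(zip(FIELDS, raw))
        for k in ("src", "dst", "nexthop"):
            rec[k] = str(IPv4Address(rec[k]))
        records.append(rec)
    return header, records


def port_scan_suspects(records, min_ports=3):
    """Source/destination pairs with tiny flows (1-2 packets) to at least
    min_ports distinct destination ports: a classic NetFlow scan indicator."""
    ports = defaultdict(set)
    for r in records:
        if r["packets"] <= 2:
            ports[(r["src"], r["dst"])].add(r["dport"])
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}


# Constructed sample flows: one normal HTTPS session plus a SYN scan from .50
SAMPLE_FLOWS = [
    {"src": "192.168.1.2", "dst": "93.184.216.34", "sport": 51000, "dport": 443,
     "proto": 6, "packets": 120, "bytes": 90_000, "tcp_flags": 0x1b},
] + [
    {"src": "192.168.1.50", "dst": "192.168.1.3", "sport": 40000 + p, "dport": p,
     "proto": 6, "packets": 1, "bytes": 60, "tcp_flags": 0x02}
    for p in (22, 80, 443, 3389)
]
```

Note that v5 carries no sequence-gap recovery and no authentication: the collector trusts whatever UDP datagrams reach port 2055 (or whichever port the exporter targets), so the export path should sit on a management network and the collector should at least check `flow_sequence` for gaps that indicate dropped exports.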