Author Archives: Jay

Getting Started with Cisco Configuration Professional to Configure a ZBF

Cisco Configuration Professional is a Windows GUI application that network security administrators can use to deploy and manage multiple routers in a single environment. It can be used to configure and monitor Cisco routers without using the Cisco IOS Command Line Interface. There are two versions currently available on the market – Cisco Configuration Professional is… Read More »

BPDU Filter and its Potential to Cause a Network Loop

Spanning-tree “BPDU Filter” works similar to “BPDU Guard”, as it allows you to block BPDU’s. The major difference is that “BPDU Guard” will place an interface that receives the BPDU into an “err-disabled” state pretty much protecting the violating port while “BPDU Filter” just “filters” it leaving the port to stay up. If a user… Read More »

BPDU Guard Concept, STP Attack and Mitigation

BPDU Guard, BPDU Filter, Root Guard and Loop Guard are all considered spanning tree security features, they all have different characteristics as to what they protect and how they work. Spanning tree attacks can harm the data-plane at Layer 2 therefore using spanning tree security we can mitigate “Man in the Middle” type attacks, protect… Read More »

Dynamic ARP Inspection (DAI) Concept/Attack Example and Implementation

Dynamic ARP Inspection is a security feature that rejects invalid and malicious ARP packets, by using DAI we can prevent ARP Poisoning/Spoofing Attacks. The Address Resolution Protocol works the following way “” wants to communicate with “” however the switch does not know how to reach the layer 3 address as switches only understands L2… Read More »

Private VLAN Concept/Implementation

Private VLANs are basically VLANs within a VLAN, they partition a regular VLAN domain into sub-domains. A sub-domain is represented by a “Primary” VLAN and a “Secondary” VLAN, this is called a “VLAN pair”. You can have multiple VLAN pairs for example one VLAN pair for each sub-domain. All VLAN pairs share the same primary VLAN. The secondary VLAN… Read More »