This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.
CCIE #29033

This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers regarding the CCIE R&S track!! Note: answers are in the comment field or within the "Read More" section.

You can also follow me on Twitter @FE80CC1E

Sunday, January 22, 2012

Layer 2 Security Best Practices

Here are a couple of recommendations from Cisco when it comes to securing Layer 2:

  • STP - Leverage Root Guard and BPDU Guard
  • Shut down unused ports
  • Leverage DHCP snooping and DAI (Dynamic ARP Inspection)
  • Disable unneeded services
  • Use port security to restrict the number of MAC addresses that a port can learn
  • Limit management access to a layer 2 switch
  • Use SNMPv3
  • Do not use the native VLAN to send user data. Create a native VLAN and do not add any ports to it.

This was not mentioned, but I would also add PVLANs (Private VLANs) and VACLs where appropriate.
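Several of the recommendations above can be checked mechanically against a saved running-config. The following is an added example, not part of the original post: a Python audit over a constructed IOS-style config that flags missing DHCP snooping/DAI, active access ports without port security or BPDU Guard, and trunks whose native VLAN is also used by user ports. It assumes per-interface commands only (a global `spanning-tree portfast bpduguard default` is not considered), and the names `SAMPLE_CONFIG`, `parse_interfaces`, `vlan_of` and `audit` are hypothetical.

```python
# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 spanning-tree bpduguard enable
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 10
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # back at global configuration level
    return blocks

def vlan_of(cmds, kw):
    """VLAN from 'switchport <kw> vlan N'; IOS defaults to VLAN 1 when unset."""
    return next((c.split()[-1] for c in cmds if c.startswith(f"switchport {kw} vlan ")), "1")

def audit(config):
    """Return findings for the recommendations this sketch can check."""
    live = {n: c for n, c in parse_interfaces(config).items() if "shutdown" not in c}
    access = {n: c for n, c in live.items() if "switchport mode access" in c}
    out = [f"global: {label} not enabled on any VLAN"
           for cmd, label in (("ip dhcp snooping vlan ", "DHCP snooping"), ("ip arp inspection vlan ", "DAI"))
           if not any(l.startswith(cmd) for l in config.splitlines())]
    for name, cmds in access.items():
        for cmd, label in (("switchport port-security", "port security"),
                           ("spanning-tree bpduguard enable", "BPDU Guard")):
            if cmd not in cmds:
                out.append(f"{name}: {label} not enabled")
    user_vlans = {vlan_of(c, "access") for c in access.values()}
    for name, cmds in live.items():
        if "switchport mode trunk" in cmds and (native := vlan_of(cmds, "trunk native")) in user_vlans:
            out.append(f"{name}: native VLAN {native} also carries user ports")
    return out
```

Ports that are administratively shut down are skipped, so disabling an unused port also clears its findings.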

Monday, January 16, 2012

CCIE Security.....

Well I have started the long process of becoming a CCIE in security. I am going to start right from the beginning (CCNA Security---> CCNP Security---> CCIE Security Written ---> CCIE Lab) to ensure that no topics are left unturned. I am not sure that I learned my lesson from the R&S track but I have to renew by May of 2013 so Security made the most sense.

Anyone going down the same path?

Cisco UCS Blades Deploy 47% Faster versus HP

A partner at Cisco shared this link with me showing the time differences between the deployment of blade servers. Cisco vs HP....imagine if you were deploying tens or hundreds of blades.