An Example of a Security Exploit Due to the Native VLAN

January 18, 2018 at 8:24 pm

Native VLAN

In many of our Cisco courses, we learn that networking best practices often point to the non-use of the Native VLAN. But why is this?

It turns out there are security vulnerabilities that could result from having a VLAN not tagged across your trunk links. For example, there is the VLAN hopping attack.

Here is how this attack could work:

Step 1: A bad person at a customer site wants to send frames into a VLAN that they are not part of.

Step 2: This person double tags the frame (Q-in-Q) with the outer frame matching the native VLAN in use at the provider edge switch.

Step 3: The provider edge switch strips off the outer tag (because it matches the native VLAN), and send this frame across the trunk.

Step 4: The next switch in the path examines the frame and reads the inner VLAN tag and forwards the frame accordingly.

Notice this attack is unidirectional. The attacker can send traffic into the VLAN, but traffic will not return. Even still, this is obviously not something we want taking place.

What are possible solutions?

  • Use ISL trunks in the cloud – this becomes less and less possible as ISL trunks fade away.
  • Use a Native VLAN that is outside of the range permitted for the customer.
  • Tag the native VLAN in the cloud.

 

The OSI Model Challenge – Quiz 1

August 6, 2017 at 8:51 am

Enjoy this challenge regarding the OSI model. This quiz maps to many different certification exams including, CCENT, CCNA, A+, N+, and many more!  Good luck!

The OSI Model Challenge

Enjoy this challenge regarding the OSI model. This quiz maps to many different certification exams including, CCENT, CCNA, A+, N+, and many more!
Start

Congratulations - you have completed The OSI Model Challenge.

You scored %%SCORE%% out of %%TOTAL%%.

Your performance has been rated as %%RATING%%


Your answers are highlighted below.
Return
Shaded items are complete.
12345
678End
Return

Store and stream video tutorials, study materials and practice online tests at your convenience using a cloud hosted virtual PC by using CloudDesktopOnline.com. Visit Apps4Rent.com today to know how cloud technology can boost your productivity.

CCDA 200-310 at CBT Nuggets – Revised Outline

December 22, 2015 at 10:13 pm

CCDA

The New CCDA Date:

In addition to the CCDA outline changing, I have a revised completion date. This course completes on 12/31/2015 just in time for the new year! As you can see below – the outline grew considerably based on author and student feedback. Remember, current subscribers can enjoy many of the Nuggets that are completed right now:

CCDA Link

The New and Improved CCDA Outline :

  1. Course Introduction
  2. Plan, Build, Manage
  3. The PPDIOO Network Lifecycle
  4. Characterizing the Existing Network
  5. IP SLA
  6. Top-Down Versus Bottom-Up
  7. Case Study: Top-Down Design
  8. Building a Modular Network
  9. Applying Modularity
  10. Campus Network Design
  11. Designing Enterprise Network Security
  12. Designing the Edge Module
  13. WAN Design
  14. Branch Design
  15. Data Center Design
  16. IP Addressing
  17. Routing Protocols
  18. Case Study: IGPs
  19. Case Study: BGP
  20. QoS
  21. Wireless
  22. Case Study: Wireless
  23. Collaboration
  24. Case Study: Collaboration
  25. SDN