802.1x VLAN User Distribution (VLAN Group)

In this blog post, I will be going over 802.1x VLAN User Distribution (sometimes referred to as "VLAN Groups") in Cisco IOS and a use case scenario that involves Cisco ISE (Identity Services Engine). First, some background around VLAN Groups. Based on my research, it seems there are two major types of VLAN Groups: The …

Lets just go ahead and use DTP & VLAN 1… Part 1: Attacking DTP – getting those server files

In my previous post, I discussed the vulnerabilities introduced by using the defaults of DTP and VLAN 1, along with ways to mitigate them. In this post, a basic example of attacking DTP will be reviewed. To make things easier to follow, the following diagram will be used throughout the series: Before the attack, for demonstration purposes, …

Lets just go ahead and use DTP & VLAN 1… Part 0: What using DTP & VLAN 1 means

By default, DTP auto-negotiation is enabled on all Layer 2 ports of Cisco switches, and the ports are placed in VLAN 1. These two defaults allow for an easy way to just deploy a switch, or attach another switch to gain more port density, without needing any configuration knowledge. While this is very helpful, the …