VLAN Trunking Protocol (VTP)

A VLAN is a group of devices/users that are physically connected to one or more switches but logically separated. All devices in a single VLAN receive the broadcasts sent by any device in that VLAN. By default, all interfaces of a switch are in a single VLAN, or single broadcast domain.

It’s a very simple job to configure VLANs on a few switches; you just have to manually access every switch and configure the VLANs. But it is a very tedious job to configure VLANs manually on each and every switch in a large network.



Auto Secure Command on Cisco Routers – Part 1

AutoSecure is a simple security configuration process that disables nonessential system services and enables a basic set of recommended security policies to ensure secure networking services. AutoSecure disables certain features that are enabled by default and could be exploited as security holes.

Benefits of AutoSecure


Minimum Default Configuration on Cisco Switch/Router

  • Hostname

Hostnames must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. If you establish sessions to multiple devices, the hostname helps you keep track of where you enter commands. Creating an all-numeric hostname is not recommended, but the name will be accepted after an error is returned.

  • Enable secret

To provide an additional layer of security, particularly for passwords that cross the network, this allows you to establish an encrypted password that users must enter to access enable mode (the default), or any privilege level you specify.

Infrastructure Access List (iACL)

As we know, the main purpose of the private IP address ranges (RFC 1918) is that they are used only for the internal network (LAN). Therefore, private IP address ranges should not be advertised on the Internet.

Another IP address range is the organization’s own public IP pool, purchased from IANA or provided by the ISP, which is used for NAT. That range is normally used for web servers, mail servers, LAN users, etc. Hence this unique IP address range should not be seen as a source IP address on the outside interface of the gateway router.


Trunk Links

Trunk links can carry multiple VLANs on a single link and should be used for interconnecting switches. By default, a switch interface carries the data of only one VLAN.

As in Figure 1, there are two VLANs on SW-A, VLAN 2 and 3. User A-1 is in VLAN 2 and User A-2 is in VLAN 3. In the same way, there are two VLANs on SW-B. User B-1 is in VLAN 3 and User B-2 is in VLAN 3.


VLAN Membership

In static VLAN configuration, VLANs are manually created and assigned to switch interfaces. The VLAN assignment of an interface cannot be deleted or altered without manual intervention, which is why this method is the most secure and very simple to configure.

The IP configuration on hosts or user PCs must match the VLAN membership on the switches.

As in Figure 3, interfaces g0/1 and g0/2 are manually configured in VLAN 2 and interfaces g0/3 and g0/4 are in VLAN 1. By default, all interfaces of a switch are in VLAN 1.
