Hey Keith, sorry if this is only my comment since it's been a while I watching your vids. But you are realy a great man ,a son, a friend, for sure a husband too and a relally great father, you really are. Pls keep safe and all you guys out there. Cheers!!!
Noted. Meanwhile, this may help: www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/b_consolidated_3850_3se_cg_chapter_0111101.html#task_988BBB5CB4D14D5881BD6557776D4D5A
Hi Keith, Hope you are doing good. I have a doubt, can you please help me in clearing it. If we have three vlans (vlan10,20,30), so dhcp snooping and dynamic arp inspection to be done on all the 3 vlans ryt ?????? Dhcp snooping trust to be done only on the port of the switch on which DHCP server is connected right ???? DAI to be done on the uplink ports if two switches are connected and also to the port which is getting connected to the router ????? All the PCs, printers and ip phones which will be connected to the ports of the switches should be kept as DAI untrusted right ??? Sorry i am not able to put an attachment of the diagram. Please help me clearing my doubt.
Thank you for the question jarvis mk0103. If you can join me on a Saturday during my Office Hour on Discord, I think it would be an effective way for me to answer your question there live. ogit.online/Join_OGIT_on_Discord 10am Pacific, each Saturday.
Hi Keith , how did you setup built-in Wireshark in eve-ng. I was trying to find out in the google but no luck. Please help me with instructions to do it for myself.
You are really doing great Job. The way of your teaching is really really osm👍. And always starting with your positive attitude that's really matter that how fasinate you are!! I Wish you best of luck keep teaching with positive energy.
Does Dai only work when using an iOS router or switch as a DHCP server for it to read the mac entries from DHCP snooping or does it also work if a Windows server is acting as a DHCP server?
Hi keith, thank you, what i mean is that when you said to your son "burn-In-Address", you have said that you keep those jar of letters to make your voice understandable or to adjust the volume of your voice. What is in that small box?? And how does they help you?? Thanks
Keith, I noticed you have put port security as your choice many many times, and I am dying to see that as part of your life stream. Could you, pretty please, talk about it on your life stream one of this days?
Thank you Vickey Cheng for the topic recommendation. I will keep that on my radar and see about working that in to a future video. Thanks again for the input, and for being here.
Hi Keith, lets say we have 3 switches and this VLAN exit in all 3, when an ARP request is sent it will be sent to all port (that are on that VLAN) in all 3 switches, right? My question is about the ARP access-list. If I understand right we would have to create an access-list with all the IP\MACs from all the devices connected to that 3 switches that are on that VLAN and put that ACL in all 3 switches? or I would create 3 different ACLs one for each switch just with the IP\MACs on that switch?
Thank you Alex Calderaro. Feel free to join my Discord sever. Lots of people there helping each other out. Each Saturday at 10am Pacific I hold my "Office Hour" where learners can ask questions about the topics they are studying. Mostly focusing on Cisco CCNA 200-301 topics. Feel free to join us there live if you are available. Here is the link ogit.online/Join_OGIT_on_Discord Thanks again Alex Calderaro!
Aisha Maukembayeva thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Hi, Keith. To what the dhcp snooping binding table being compared to? From the traffic being sent by workstation along with the info like ip and mac? Or the arp table of the switch itself?
Thank you for the question Erickson. The goal of ARP inspection is to prevent devices (that are connected to the switch ports) from lying about their layer 2 addresses in either their ARP messages (requests and replies). So in answer to your question it looks at ARP traffic being sent by a connected workstation or device. Thanks for being here, and for the question.
We are both big fans of Packet Tracer, DAI is one of the features added in 7.3.0... in order to make it CCNA7 compatible. I am curious if you have tried a DAI config there. It takes the commands for "ip arp inspection vlan 10", and it takes the trusted interface command, but it shows "enabled Incactive" in the "show ip arp inspection vlan 10" and I haven't gotten to block a device set to a static IP from getting a successful ARP, but it does count "forwarded" and "DHCP Permitis" in "show ip arp inspection statistics" Im really not asking for you to test it for me, only if you have played with it already and gotten similar or more successful results.
Hi Morgan. I will be making some PT labs that include DAI soon, so I will be taking a closer look at it here in a week or two. Will keep you posted! Thanks for the questions.
anders gjerløw thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. I will add UDLD to my list, and see if I can work that into a future video.
Hi Keith What command should be configured on a switch. Whenever the switch port detects another switch port the switch is going to shutdown that port ?
Mohamed Ahmed thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
leonneteng thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Edwin Gerena thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Thank you Psudoevil for the topic recommendation. I will keep Port Security on my radar and see about working that in to a future video. Thanks again for the input, and for being here.
karthik reddy thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
BAD NEWS BITTU thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Chamsou Kharoubi thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
![Blox Fruits Dragon Rework Update [Full Stream]](http://i.ytimg.com/vi/EqDAp8udhm0/mqdefault.jpg)
![I.N "HALLUCINATION" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/n5B5q1Hwt_U/mqdefault.jpg)
Hey Keith, sorry if this is only my comment since it's been a while I watching your vids. But you are realy a great man ,a son, a friend, for sure a husband too and a relally great father, you really are. Pls keep safe and all you guys out there.
Cheers!!!
Thank you Brunmart!
Keep on smiling Keith! Knowledge + Positive Attitude = Success!
Thank you John Hobbs!
thanks, this helped me finish my lab, this some cool tech... and your teaching style is fun, i like making up randoms relatable stories too!
Cool, thanks!
thank you for producing training videos to help us learn about different technologies..Love watching and learning from you guys.
Happy to do it, thanks for the feedback Justin Lang.
Hello Keith,
Very thanks for this wonderful video on security. Kindly make a video lecture on DAI static acl for the MAC TO IP mapping.
Noted. Meanwhile, this may help: www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/b_consolidated_3850_3se_cg_chapter_0111101.html#task_988BBB5CB4D14D5881BD6557776D4D5A
Hi Keith,
Hope you are doing good.
I have a doubt, can you please help me in clearing it.
If we have three vlans (vlan10,20,30), so dhcp snooping and dynamic arp inspection to be done on all the 3 vlans ryt ??????
Dhcp snooping trust to be done only on the port of the switch on which DHCP server is connected right ????
DAI to be done on the uplink ports if two switches are connected and also to the port which is getting connected to the router ?????
All the PCs, printers and ip phones which will be connected to the ports of the switches should be kept as DAI untrusted right ???
Sorry i am not able to put an attachment of the diagram.
Please help me clearing my doubt.
Thank you for the question jarvis mk0103. If you can join me on a Saturday during my Office Hour on Discord, I think it would be an effective way for me to answer your question there live. ogit.online/Join_OGIT_on_Discord
10am Pacific, each Saturday.
@@KeithBarker sure i willl
That wud be 24 oct 10.30pm of mine
Now I understand why you're so great Keith. You're the real father of Harry Potter! kidding aside more power to you sir :)
You are awesome Keith !
Thank you Deepak!
Hi Keith , how did you setup built-in Wireshark in eve-ng. I was trying to find out in the google but no luck. Please help me with instructions to do it for myself.
You are really doing great Job. The way of your teaching is really really osm👍. And always starting with your positive attitude that's really matter that how fasinate you are!!
I Wish you best of luck keep teaching with positive energy.
Thanks a ton
Awesome video! Thanks for this content
Glad you liked it!
Does Dai only work when using an iOS router or switch as a DHCP server for it to read the mac entries from DHCP snooping or does it also work if a Windows server is acting as a DHCP server?
Where can I get the shirt you are wearing, Keith?
Thank you for the question Jh De. I got that shirt on Amazon.
By the way Keith, you resemble TeaBag of prison break fame. I am a big fan though and I'd like to thank you for your wonderful content.
Hey keith,
I really like the way you teach, thank you.
What is that necklas stones? What do you with it??
Thank you for the question Somali. The heart (the stone) is made of glass, and my wife gave it to me as a gift.
Hi keith, thank you, what i mean is that when you said to your son "burn-In-Address", you have said that you keep those jar of letters to make your voice understandable or to adjust the volume of your voice. What is in that small box?? And how does they help you??
Thanks
@@somaliudiidaceeb2904 Just a jar of letters, as a reminder.
Keith, I noticed you have put port security as your choice many many times, and I am dying to see that as part of your life stream. Could you, pretty please, talk about it on your life stream one of this days?
Thank you Vickey Cheng for the topic recommendation. I will keep that on my radar and see about working that in to a future video. Thanks again for the input, and for being here.
Hi Keith, lets say we have 3 switches and this VLAN exit in all 3, when an ARP request is sent it will be sent to all port (that are on that VLAN) in all 3 switches, right? My question is about the ARP access-list. If I understand right we would have to create an access-list with all the IP\MACs from all the devices connected to that 3 switches that are on that VLAN and put that ACL in all 3 switches? or I would create 3 different ACLs one for each switch just with the IP\MACs on that switch?
Thank you Alex Calderaro. Feel free to join my Discord sever. Lots of people there helping each other out. Each Saturday at 10am Pacific I hold my "Office Hour" where learners can ask questions about the topics they are studying. Mostly focusing on Cisco CCNA 200-301 topics. Feel free to join us there live if you are available. Here is the link ogit.online/Join_OGIT_on_Discord
Thanks again Alex Calderaro!
Thanks for this video, Keith! It will be great to learn about VPN next week :)
Aisha Maukembayeva thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
What's the difference between arp spoofing and arp poisoning?
Hi, Keith. To what the dhcp snooping binding table being compared to? From the traffic being sent by workstation along with the info like ip and mac? Or the arp table of the switch itself?
Thank you for the question Erickson. The goal of ARP inspection is to prevent devices (that are connected to the switch ports) from lying about their layer 2 addresses in either their ARP messages (requests and replies).
So in answer to your question it looks at ARP traffic being sent by a connected workstation or device.
Thanks for being here, and for the question.
We are both big fans of Packet Tracer, DAI is one of the features added in 7.3.0... in order to make it CCNA7 compatible. I am curious if you have tried a DAI config there. It takes the commands for "ip arp inspection vlan 10", and it takes the trusted interface command, but it shows "enabled Incactive" in the "show ip arp inspection vlan 10" and I haven't gotten to block a device set to a static IP from getting a successful ARP, but it does count "forwarded" and "DHCP Permitis" in "show ip arp inspection statistics" Im really not asking for you to test it for me, only if you have played with it already and gotten similar or more successful results.
Hi Morgan. I will be making some PT labs that include DAI soon, so I will be taking a closer look at it here in a week or two. Will keep you posted! Thanks for the questions.
For me it would be VPN. Would you be interesting in cover UDLD in the future?
anders gjerløw thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. I will add UDLD to my list, and see if I can work that into a future video.
Did I totally miss the arp access list video bit?
Thank you for the question Robb. Not sure if I included the static arp acl entries as part of this video.
Keith Barker thanks for the reply.
Hi Keith
What command should be configured on a switch. Whenever the switch port detects another switch port the switch is going to shutdown that port ?
Thank you for the question Karwan.
The droid you are looking for is BPDU Guard. :)
medium.com/ken-m-lai/bpdu-filter-vs-bpdu-guard-a112f967798b
Hi Keith, do you have any tutorial for VXLAN and EVPN?
Thank you for the question, unfortunately I don't.
Keith can you make a quiz about DAI ?
Its the Barker Family !!!!
Thank you Jacob. There are a lot of us out there. Happy studies.
Thanks
broadcast to find server
Thank you Edwin Gerena! Glad you are here.
Great explanation, you are the best. next session VPN please.
Mohamed Ahmed thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Great video, VPN next week, thank you.
leonneteng thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Hello from Chicago would like VPN
Edwin Gerena thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Anything sir,, your wish 😋
Thank you for the comments! Glad you are here. :)
I'm down for Port Security but seems like VPN is the winner.
Thank you Psudoevil for the topic recommendation. I will keep Port Security on my radar and see about working that in to a future video. Thanks again for the input, and for being here.
Thanks@@KeithBarker Finished watching your Cysa+ videos. Taking my exam this Tuesday!
it ARP for the address
Thank you Ricardo Leiniz!
VPN please
karthik reddy thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Next week I want VPN
BAD NEWS BITTU thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.
Lol port security SP shout out well I'm in PV
VPN
Chamsou Kharoubi thanks for your input! That is the topic we will be addressing in the next stream. I appreciate your participation. See you in the next video.