Showing posts from November, 2012

DAI - Dynamic ARP Inspection

(config)#ip arp inspection vlan 2 <--- Inspect ARP within the VLAN 2

You can create a ARP Access List and map the IP to MAC, and apply it to DAI:
 (config)#arp access-list ARP_ACL_20
 (config-arp-nacl)#permit ip host mac host 0000.1111.1111
 (config-arp-nacl)#permit ip host mac host 0000.3333.3333
And now APPLY:
 (config)#ip arp inspection filter ARP_ACL_20 vlan 2

 #show ip arp inspection

Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled

 Vlan     Configuration    Operation   ACL Match          Static ACL
 ----     -------------    ---------   ---------          ----------
    2     Enabled          Active      ARP_ACL_20         No

 Vlan     ACL Logging      DHCP Logging      Probe Logging
 ----     -----------      ------------      -------------
    2     Deny             Deny              Off

 Vlan      Forwarded        Dropped     DHCP Drops      ACL Drops
 ----      ---------        -------     ----------      …

ACE Load Balancer SSL Certificate Part I, Generate the CSR

ACE Load Balancer SSL Certificate Part I, Generate the CSR (Certificate Signing Request)
You have more than one Real Servers, and its much more practical to install an SSL certificate once, on the ACE Load Balancer, then to install it on each and any of the Servers within the Balanced Service.

The CSR is needed for generate or order a new certificate. New certificates are generated by Certificates Authorities (CA) using the CSR as a seed for the certificate generation.
In order to terminate the SSL certificate on the Load Balancer, a few steps must be performed.

Step 1 Define and Configure the Parameters
First thing we need to do is to generate the CSR based on the RSA key and a set of parameters that we need to define and configure on the ACE Load Balancer in the Global Configuration mode:
  (config)# crypto csr-params CSR_CISQUEROS (config-csr-params)# country SP (config-csr-params)# state MA (config-csr-params)# locality MADRID (config-csr-params)# organization-name CISQUEROS TECHNOLOGY (con…