SD-WAN Security and the SASE Convergence
SD-WAN provides encryption and segmentation but creates an inspection gap. SASE fills that gap with cloud-delivered SWG, CASB, FWaaS, ZTNA, and DLP. The 2026 vendor landscape compared.
In-depth tutorials on OSPF, BGP, 802.1X, and more, for engineers who want to understand the why, not just the how.
Open Shortest Path First tutorials covering LSA types, area design, neighbor states, route summarization, authentication, and OSPF tuning for enterprise and service provider networks.
32 posts
Border Gateway Protocol tutorials covering eBGP, iBGP, path selection, route filtering, communities, and BGP design for enterprise and service provider networks.
33 posts
802.1X port-based network access control tutorials covering EAP methods, RADIUS integration, MAB, dynamic VLAN assignment, and Cisco ISE deployment for wired and wireless environments.
32 posts
VLAN tutorials covering VLAN creation, 802.1Q trunking, inter-VLAN routing, VTP, private VLANs, and VLAN design for enterprise campus and data center switching environments.
25 posts
Wireless networking tutorials covering 802.11 standards, Wi-Fi 6/6E/7, RF fundamentals, WLAN design, roaming, security, and Cisco Catalyst 9800 wireless LAN controller configuration for enterprise Wi-Fi deployments.
45 posts
Spanning Tree Protocol tutorials covering classic STP, RSTP, and MSTP operation, port roles and states, PortFast, BPDU Guard, root bridge election, and loop prevention in switched networks.
27 posts
The four SD-WAN branch deployment models compared (hybrid, internet-only, cloud on-ramp, multi-cloud), HQ patterns, and the typical 18-30 month migration from MPLS-only.
Cisco vManage (now SD-WAN Manager) is the management plane of Cisco Catalyst SD-WAN. Templates, policies, dashboards, the REST API, HA model, and the operational realities at scale.
The four-component Cisco Catalyst SD-WAN (formerly Viptela) architecture: vManage, vSmart, vBond, and WAN Edge. OMP routing protocol, cEdge vs vEdge, fabric bring-up walkthrough.
Every SD-WAN platform shares the same three-plane architecture: management, control, and data. The vendor-specific components (vManage, vSmart, FortiManager, etc.) compared.
SD-WAN and MPLS are not pure substitutes. The technical differences, cost story without the marketing spin, when MPLS still wins, and the hybrid pattern most enterprises end up with.
MP-BGP (RFC 4760) is what lets a single BGP session carry IPv6, VPNv4, EVPN, and more. The AFI/SAFI model, route distinguishers, and how modern data center fabrics use MP-BGP for everything.
Classic 802.1D STP vs 802.1w RSTP. The convergence differences (30s vs sub-second), the port state and role changes, and the one-command Cisco migration from PVST+ to Rapid PVST+.
BGP's finite state machine has six states: Idle, Connect, Active, OpenSent, OpenConfirm, Established. What each means, why Active is a problem state, and the diagnostic that maps each stuck state to a real cause.
Tagged and untagged frames are the half of every VLAN problem nobody explains clearly. The mental model, when each is correct, the native VLAN, and the cross-vendor (Cisco / Aruba / Juniper) cheat sheet.
VLAN hopping bypasses Layer 2 isolation. The two attacks (switch spoofing via DTP, double tagging via the native VLAN) and the four-line Cisco configuration that defeats both.
The 802.1Q VLAN tag is 4 bytes inserted into Ethernet frames to carry VLAN identity across trunks. TPID, TCI, PCP, DEI, VID, and the native VLAN explained byte by byte.