Internet-Switch- Security Config

Unanswered Question
Mar 2nd, 2009

Hi,


Multiple ISP are terminated on Cisco 2960 Layer2Switch. Need advice on how to secure the switch and connect to the core-network to measure the bandwdith..


(( From the switch connection goes to 3-department, I need to dedicate bandwdith to these department as well, total bandwidth is 2MB now, so need to give 1MB / 512KB / 512KB )

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marwan ALshawi Tue, 03/03/2009 - 04:43

i am not sure if 2960 support policing

if yes this is your option to limit the bandwidth


for example to limit the traffic from one port to 512 k


let say all traffic from 10.1.0.0/24 subnet connected to port fa1/0


access-list 100 permit ip 10.1.0.0 0.255.255.255 any


class-map map1

match access-group 100


plicy-map policy1

class map1

police 512000 ecceed-action trasmit violate drop


interface fa0/1

service-policy policy1 input


if there is no policing try to check if there is any traffic aggregater in the switch


HTH


good luck

ronald.ramzy Tue, 03/03/2009 - 10:25

Many Thanks for your reply.


How could I secure the switch and what is required to connect the swtich to the network in a securely manner

Marwan ALshawi Tue, 03/03/2009 - 13:27

actually it depends if its connected to end point or not

in gemeral

make the vtp mode trasnparant

make the managment vlan other than vlan 1

put unused port in unused vlan and shut down the ports

enable STP guard or enable portsecurity and limit the number of MAC on that port


make a complex password for login


and use policing to limit the traffic and avoid ant DOs attack

good luck


if helpful Rate

Actions

This Discussion