Internet-Switch- Security Config

Unanswered Question
Mar 2nd, 2009


Multiple ISP are terminated on Cisco 2960 Layer2Switch. Need advice on how to secure the switch and connect to the core-network to measure the bandwdith..

(( From the switch connection goes to 3-department, I need to dedicate bandwdith to these department as well, total bandwidth is 2MB now, so need to give 1MB / 512KB / 512KB )

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marwan ALshawi Tue, 03/03/2009 - 04:43

i am not sure if 2960 support policing

if yes this is your option to limit the bandwidth

for example to limit the traffic from one port to 512 k

let say all traffic from subnet connected to port fa1/0

access-list 100 permit ip any

class-map map1

match access-group 100

plicy-map policy1

class map1

police 512000 ecceed-action trasmit violate drop

interface fa0/1

service-policy policy1 input

if there is no policing try to check if there is any traffic aggregater in the switch


good luck

ronald.ramzy Tue, 03/03/2009 - 10:25

Many Thanks for your reply.

How could I secure the switch and what is required to connect the swtich to the network in a securely manner

Marwan ALshawi Tue, 03/03/2009 - 13:27

actually it depends if its connected to end point or not

in gemeral

make the vtp mode trasnparant

make the managment vlan other than vlan 1

put unused port in unused vlan and shut down the ports

enable STP guard or enable portsecurity and limit the number of MAC on that port

make a complex password for login

and use policing to limit the traffic and avoid ant DOs attack

good luck

if helpful Rate


This Discussion