Internet-Switch-Security Config

Unanswered Question
Mar 2nd, 2009

Hi,


Multiple ISPs are terminated on a Cisco 2960 Layer 2 switch. Need advice on how to secure the switch and connect to the core network to measure the bandwidth.

(From the switch, connections go to 3 departments. I need to dedicate bandwidth to these departments as well; total bandwidth is 2MB now, so need to give 1MB / 512KB / 512KB.)

Marwan ALshawi Tue, 03/03/2009 - 04:43

I am not sure if the 2960 supports policing.

If yes, this is your option to limit the bandwidth.

For example, to limit the traffic from one port to 512 k:

Let's say all traffic from the 10.1.0.0/24 subnet is connected to port fa1/0.

! match traffic sourced from the 10.1.0.0/24 subnet
access-list 100 permit ip 10.1.0.0 0.0.0.255 any
!
class-map map1
 match access-group 100
!
! police the matched class at 512000 bps
policy-map policy1
 class map1
  police 512000 conform-action transmit exceed-action transmit violate-action drop
!
! apply the policy to traffic entering the port
interface fa0/1
 service-policy input policy1

If there is no policing, try to check if there is any traffic aggregator in the switch.


HTH


good luck

ronald.ramzy Tue, 03/03/2009 - 10:25

Many thanks for your reply.

How could I secure the switch, and what is required to connect the switch to the network in a secure manner?

Marwan ALshawi Tue, 03/03/2009 - 13:27

Actually it depends on whether it's connected to an end point or not.

In general:

make the VTP mode transparent

make the management VLAN other than VLAN 1

put unused ports in an unused VLAN and shut down the ports

enable STP guard or enable port security and limit the number of MACs on that port

make a complex password for login

and use policing to limit the traffic and avoid any DoS attack

good luck


if helpful Rate
