03-02-2009 11:04 PM - edited 03-04-2019 03:47 AM
Hi,
Multiple ISP are terminated on Cisco 2960 Layer2Switch. Need advice on how to secure the switch and connect to the core-network to measure the bandwdith..
(( From the switch connection goes to 3-department, I need to dedicate bandwdith to these department as well, total bandwidth is 2MB now, so need to give 1MB / 512KB / 512KB )
03-03-2009 04:43 AM
i am not sure if 2960 support policing
if yes this is your option to limit the bandwidth
for example to limit the traffic from one port to 512 k
let say all traffic from 10.1.0.0/24 subnet connected to port fa1/0
access-list 100 permit ip 10.1.0.0 0.255.255.255 any
class-map map1
match access-group 100
plicy-map policy1
class map1
police 512000 ecceed-action trasmit violate drop
interface fa0/1
service-policy policy1 input
if there is no policing try to check if there is any traffic aggregater in the switch
HTH
good luck
03-03-2009 10:25 AM
Many Thanks for your reply.
How could I secure the switch and what is required to connect the swtich to the network in a securely manner
03-03-2009 01:27 PM
actually it depends if its connected to end point or not
in gemeral
make the vtp mode trasnparant
make the managment vlan other than vlan 1
put unused port in unused vlan and shut down the ports
enable STP guard or enable portsecurity and limit the number of MAC on that port
make a complex password for login
and use policing to limit the traffic and avoid ant DOs attack
good luck
if helpful Rate
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: