I have recently been involved in a project to tidy up the network of my organisation. The following work has been carried out:
- tidied up all cabling (labelled, documented, etc)
- correctly configured all L2 configuration (STP, CDP, VTP, etc)
- configured HSRP between two routes for route redundancy
- implemented monitoring of the network
- documented all configurations (backups of configs stored off site - replicated each evening)
- removed unnecessary config from all switches
- standardised AAA security throughout the environment, with local fallback
- restricted access to the switches through ACLs and firewall policies
- configured logging for all devices to central server
- implemented NAC for switchports (access)
Is there anything else I should include?
Appreciate this is very high-level, just want to make sure we are delivering an optimal solution.