Best way to secure your network from ISP?

TM13
Level 1

Hi all,

What is the best way to secure your network from the ISP? We take fiber optic VPN connections for 3 branches from the ISP; they do an L2 VLAN for each of them. All 3 have our LAN IP addresses and work like a LAN. The main switch is a Cisco L3 switch, and there is another L3 switch and one L2 switch. So if the ISP configures a VLAN the same as ours, they will definitely be able to access our network, so what is the best way to secure it?

Thanks

2 Replies

Julio Garcia
Level 1

You could use port security and secure the MAC addresses that can be learnt on both sides.

That way, if the ISP taps in, they would not be able to do anything or reach anything.

In my experience though, the ISP only 'taps' into a VLAN if you have a big problem and they need to troubleshoot. Personally, I wouldn't get too paranoid about the ISP and would target security towards real 'outsiders'.

Another way around is to have 2 separate networks, configure a point-to-point /30 between them (on the ISP VLAN) and then use a static ARP entry for both ends. This would need far less configuration than securing all MAC addresses etc.

I'm sure there are lots and lots of different ways, with more variety if you had a layer 3 network.

Note: in all these cases, the ISP can still sniff traffic; the only way around this is if you have your own private circuits, or if you do encryption (using layer 3).

I think in your setup, L2 port security is probably the best thing to do: audit your network, see the MAC addresses learnt, and secure the perimeters with your list.

Thanks, Rob

I'm just wondering: both the L3 switch port and the L2 switch ports are connected to the fiber media converters, the fiber media converters are connected to the ISP L2 switch, and the L2 switch configures an untagged VLAN on both ports, so if you configure switchport port-security mac-address of the L3 switchport on the L2 switch?
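
The two approaches suggested in the first reply, sketched as Cisco IOS configuration. This is an added example, not part of the original thread; the interface names, VLAN number, MAC addresses and IP addresses are constructed placeholders.

```cisco
! Option A: keep the stretched L2 VLAN and pin the MACs allowed in from the ISP side.
! Audit first, then build the list from what is really learnt on the port:
!   show mac address-table interface GigabitEthernet1/0/24
interface GigabitEthernet1/0/24
 description To ISP media converter (branch VLAN, untagged)
 switchport mode access
 switchport access vlan 10
 ! maximum = number of legitimate source MACs that reach us over the ISP link
 switchport port-security maximum 3
 switchport port-security mac-address 0011.2233.4401
 switchport port-security mac-address 0011.2233.4402
 switchport port-security mac-address 0011.2233.4403
 ! restrict = drop frames from unknown MACs and count/log the violation
 switchport port-security violation restrict
 switchport port-security
!
! Check the result and the violation counter:
!   show port-security interface GigabitEthernet1/0/24
!   show port-security address
!
! Option B: two separate networks joined by a routed /30 on the ISP VLAN.
! Only one peer exists on the link, so one static ARP entry per end is enough.
! Site 1 (10.255.255.1/30):
interface GigabitEthernet1/0/24
 description Routed point-to-point to site 2 over the ISP VLAN
 no switchport
 ip address 10.255.255.1 255.255.255.252
!
! Static ARP for the far end (MAC of the site 2 routed interface)
arp 10.255.255.2 0011.2233.44aa arpa
!
! Site 2 mirrors this with 10.255.255.2/30 and a static ARP entry
! for 10.255.255.1 pointing at the site 1 interface MAC.
!   show ip arp 10.255.255.2
!
! Neither option hides traffic from the ISP; as noted in the reply,
! that needs private circuits or layer 3 encryption between the sites.
```

In option A the secure MAC list has to be repeated on every customer switch port that faces the ISP, which is why the reply describes the /30 design as needing far less configuration.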
