Cisco Support Community

New Member

Which interface should be put into Security Management VLAN?

May I ask a very basic question?

Which interface should be put into Security Management VLAN? eth0 or eth1?

Thanks,

Cedar

6 REPLIES

Re: Which interface should be put into Security Management VLAN?

What do you mean by "Security Management VLAN"?

Ideally you should leave MARS to use one port (with the default route) for all polling, device telnet, etc.

And the second one for OOB management. This port should be in the same subnet as the management/secop guy, as MARS can have a default route on only one of its interfaces.

Regards

Farrukh

New Member

Re: Which interface should be put into Security Management VLAN?

It's from the Book, Security Monitoring with Cisco Security MARS.

It says:

As a best practice, you should create a network as a security management network if you don't already have one. This network should contain various servers used for administering and monitoring the security of your network. The entire network should be protected by a firewall and IDS/IPS. Access to it should be tightly restricted, and any remote access to it should be through a Virtual Private Network (VPN).

MARS has eth0 and eth1, and they need to be in separate networks. So, I am not sure whether this book recommends putting eth0 or eth1 in the Security Management Network.

Thanks,

Cedar

Silver

Re: Which interface should be put into Security Management VLAN?

Put Ethernet 1 on your management network. Its hardware has more memory and will refresh your screen faster. This also makes your MARS box less susceptible to DoS on your production network.

You will need to go into the CLI and add a route for the Ethernet 1 so you can access the box.

Ethernet 0 will be the interface which receives all syslogs and netflow. Its IP address needs to be able to reach the default gateway you configure on the box.

Hope this helps.

New Member

Re: Which interface should be put into Security Management VLAN?

I think I am confused about what the book says and need help with the question of which port I should put in the security network that is protected by a firewall and IDS/IPS. In other words, which port, eth0 or eth1, do you protect with your firewall and IDS/IPS?

Thanks,

Cedar

Re: Which interface should be put into Security Management VLAN?

Technically you should protect both :)

But the book is talking about the 'port' used for management. For example, only hosts 10.10.10.4 and 5 are allowed to manage the MARS box.

You can put an ACL on that port so that TCP 22, 443, etc. from those two IPs are the only traffic allowed, and block all the rest.

Regards

Farrukh
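As an added example (not part of the thread), this is how Farrukh's ACL could look on the IOS router or Layer 3 switch that routes into the security management VLAN. The admin hosts are the two he named; the MARS eth1 address 192.0.2.10, the ACL name and the VLAN number are placeholders.

```cisco
! Added example, not from the original post.
! 192.0.2.10 stands in for the MARS eth1 (management) address.
! 10.10.10.4 and 10.10.10.5 are the admin hosts named in the thread.
ip access-list extended MARS-MGMT-IN
 remark Only SSH and HTTPS to MARS, and only from the two admin hosts
 permit tcp host 10.10.10.4 host 192.0.2.10 eq 22
 permit tcp host 10.10.10.4 host 192.0.2.10 eq 443
 permit tcp host 10.10.10.5 host 192.0.2.10 eq 22
 permit tcp host 10.10.10.5 host 192.0.2.10 eq 443
 remark Other servers in the management VLAN need their own permits here
 remark Log the denies so blocked attempts appear in syslog (and in MARS)
 deny ip any any log
!
! Applied outbound on the SVI, i.e. on traffic leaving the router
! toward the management VLAN. Hosts already inside the VLAN's subnet
! never cross this interface, so the ACL does not restrict them.
interface Vlan100
 description Security management VLAN (MARS eth1 lives here)
 ip access-group MARS-MGMT-IN out
```

Replies from MARS back to the admin hosts travel the other direction and are not affected by an outbound ACL, so no return-traffic entries are needed.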

Silver

Re: Which interface should be put into Security Management VLAN?

Hi Farrukh,

Spot-on answer and a "5" from NYC.

Paul
