I have a 3560G used as a router. This switch is routing packets between untrusted networks.
I can connect to it using one of its operational IPs. But I am wondering if there would be a way to define a kind of management (IP or physical) interface which could be used only for management purposes (snmp, telnet, syslog).
There is this kind of management interface on an Alteon 2208, for example, or on some Juniper NetScreen firewalls (ISG1000). This management interface would have a separate routing table from the operation one.
In other words, I would like to completely separate the operation from the management for the switch.
For switches, we typically recommend you use a separate management VLAN for this purpose, and only put your designated management port or ports in this VLAN. In a sense, you now have physical ports that are isolated from the rest of the traffic flow on the device.
It is a switch, but we use it as a router, with interface vlans. If I just configure a management vlan, and put my physical management port in this vlan, there may be routing between my operation network and my administration network, which is a security concern.
That's why I would like to forbid routing to and from this management interface vlan...