6500 Series and Security--w/Secure & Non-secure segments
This deals with placing both a secure and non-secure IP segment on a catalyst 6500 series switch.
From the backbone to the 6500 an IP address of 1.1.1.x (Private space). Firewall from there to 10.10.10.y (Public space). Firewall comes from 6500 back to same 6500.
The management will only be on the 10.10.10.y network. Turn off layer 2 functionality on the switch to stop ARP poisoning.
In order to meet these requirements and to understand if I can place both a secure and non-secure segment on the same 6500 Cat switch, the following configuration is needed:
1.) Connectivity from the internal backbone on the 1.1.1.x segment which is the private company space, to the management module card. If the switch can be compromised at the management level, security is an issue. Can I make the management module card only accessible on the 10.10.10.y segment, which is the public (non-routable) segment and behind the firewall on this same Cat 6500 series switch? And how?
2.) As all switches are vulnerable to ARP poisoning, layer 2 functionality would have to be turned off, so as not to be able to get to the secure segment of the switch (10.10.10.y) from the non-secure segment (1.1.1.x), without firewall pass through. VLANs are not considered secure (www.securityfocus.com). Can I turn off this functionality for these reasons? And how?
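The two controls asked about above, restricting management-plane access to the 10.10.10.y segment and hardening against ARP poisoning between segments, can be expressed in IOS configuration. The following is an added illustration, not configuration from the original post or from Cisco; the VLAN numbers (10 for the 1.1.1.x segment, 20 for the 10.10.10.y segment), the interface name and the host/MAC pair in the ARP ACL are assumed placeholders, and the SNMP community string is a placeholder to be replaced. It restricts VTY and SNMP access to sources on 10.10.10.0/24 and enables Dynamic ARP Inspection on both VLANs using a static ARP ACL, since the post describes fixed addressing rather than DHCP.

```cisco
! --- Management plane: only the 10.10.10.y segment may reach the switch ---
! Standard ACL naming the management segment; everything else is denied and logged.
ip access-list standard MGMT-ONLY
 permit 10.10.10.0 0.0.0.255
 deny   any log
!
! Apply the ACL to remote login and limit transport to SSH.
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
 exec-timeout 10 0
!
! The same ACL gates SNMP polling. REPLACE-ME is a placeholder community string.
snmp-server community REPLACE-ME RO MGMT-ONLY
!
! --- Layer 2: Dynamic ARP Inspection on both segments ---
! Assumed: VLAN 10 carries 1.1.1.x (non-secure), VLAN 20 carries 10.10.10.y (secure).
! Without DHCP snooping bindings, DAI validates ARP against a static ARP ACL.
! Assumed host/MAC pair for the firewall inside interface on the secure segment.
arp access-list SECURE-ARP
 permit ip host 10.10.10.1 mac host 0000.0c12.3456
!
ip arp inspection vlan 10,20
ip arp inspection filter SECURE-ARP vlan 20
ip arp inspection validate src-mac dst-mac ip
!
! Assumed uplink toward the backbone; trusted so its ARP traffic is not inspected.
interface GigabitEthernet1/1
 description Backbone uplink (assumed)
 ip arp inspection trust
!
! Access ports default to untrusted: ARP replies not matching the ACL are dropped.
! 'ip arp inspection limit rate' (default 15 pps) throttles ARP floods per port.
```

The ARP ACL must list every static host on the inspected VLAN or DAI will drop its ARP replies, so the static-ACL form only scales to a small, well-known set of hosts such as a firewall and a few servers. Verification after applying the configuration is `show ip arp inspection vlan 20` for drop counters and `show access-lists MGMT-ONLY` for log hits from denied management attempts.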
Re: 6500 Series and Security--w/Secure & Non-secure segments
Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
If anyone else in the forum has some advice, please reply to this thread.