Does anyone have any tips on how to improve the security on routers running DLSW? I am running both WAN to LAN and LAN to LAN DLSW and would like a mechanism that would ensure the controller on the end of my LAN or WAN is verified before permitting communications to the FEP.
The only additional security you could implement at a router level would be to restrict the MAC addresses that DLSW will pass traffic for using an access list 700 - 799 and the dmac-output-list parameter on the dlsw remote-peer statement.
Since this uses the destination MAC address, you would need to code it with the controller MAC address in the router on the FEP side of the connection. It would not prevent any controller from sending an initial test frame but traffic will only be returned to specific MAC addresses.
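A configuration sketch of the filter described in the answer above, added here as an illustration and not part of the original reply. The peer IP addresses, controller MAC addresses and the list number 700 are constructed placeholders; it assumes a TCP-encapsulated peer and is applied on the FEP-side router.

```cisco
! FEP-side router. All addresses below are constructed placeholders.
dlsw local-peer peer-id 192.0.2.1
!
! 48-bit MAC address access list (range 700-799): one entry per approved
! controller. A mask of 0000.0000.0000 matches the address exactly, and
! anything not listed falls to the implicit deny at the end of the list.
access-list 700 permit 4000.0000.0101 0000.0000.0000
access-list 700 permit 4000.0000.0102 0000.0000.0000
!
! Before: no filter, so DLSw passes traffic toward this peer for any
! destination MAC address.
! dlsw remote-peer 0 tcp 192.0.2.2
!
! After: only traffic whose destination MAC is permitted by list 700
! is sent to this peer.
dlsw remote-peer 0 tcp 192.0.2.2 dmac-output-list 700
```

After applying it, `show access-lists 700` and `show dlsw reachability` can be used to confirm that only the listed controller MAC addresses are being reached through the peer.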