Cisco Support Community

New Member

LAN Security - VLAN's, etc.

From this: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

They mention several threats that I thought I would protect my network against. I have a few questions for anybody who can answer them.

1. They mention using port security to prevent a MAC flood. Problem is that on my 6513 it says that it can only learn 1024 MAC addresses when I apply port security. This is not enough for the "specified" 3 per port when using IP phones. Any idea how to get around that?

2. The document mentions turning off native VLANs to prevent a "nested VLAN" attack. Problem is that when I turn off native VLANs for my Aironet 1200 APs they stop passing traffic. Also, on my other trunk links - it just makes the native VLAN = VLAN 1. Isn't that a bigger threat?

3. On that note - how do I change the management VLAN to be something OTHER than 1?

THANKS to anybody who can answer either all or part of my concerns.

1 REPLY
Silver

Re: LAN Security - VLAN's, etc.

This is regarding your question on changing the management VLAN in a wireless LAN.

You can define static management interface parameters using the configuration wizard. You can also verify or change management interface parameters by following these steps:

Step 1 Enter show interface detailed management to view the current management interface settings. Note that the Management Interface uses the controller's burned-in MAC address.

Step 2 Enter config wlan disable wlan-number to disable each WLAN that is enabled.

Step 3 Enter these commands to define management interfaces:

config interface address management ip-addr ip-netmask [gateway]

config interface vlan management {vlan-id | 0}

Enter 0 for untagged.

config interface port management physical-ds-port-number

config interface dhcp management ip-address-of-primary-dhcp-server [ip-address-of-secondary-dhcp-server]

config interface acl management access-control-list-name

Note To create ACLs, follow the instructions in the controller online help.

Step 4 Enter show interface detailed management to verify that the controller saved your changes.

For further info on this, visit the following URL.

http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00804ddded.html
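An added example, not part of the original thread or of Cisco's documentation: a small Python audit that flags the three concerns raised in the question (trunks left on native VLAN 1, IP phone ports whose port-security limit is below 3 MAC addresses, and a management IP on VLAN 1). It assumes the switch configuration is in Cisco IOS interface syntax (a 6513 running CatOS uses different commands), and the sample configuration and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS interface syntax (assumption: the switch
# runs IOS; CatOS uses "set port security" / "set vlan" style commands).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
 switchport trunk native vlan 999
!
interface GigabitEthernet2/1
 switchport mode access
 switchport voice vlan 110
 switchport port-security
 switchport port-security maximum 1
!
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
!
"""

def audit(config, phone_mac_limit=3):
    """Return sorted (interface, finding) pairs for the thread's three concerns."""
    findings = []
    # Split the config into stanzas: interface name plus its indented body.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        if "switchport mode trunk" in lines:
            native = next((l.split()[-1] for l in lines
                           if l.startswith("switchport trunk native vlan ")), "1")
            if native == "1":  # IOS uses VLAN 1 as native when none is set
                findings.append((name, "trunk native VLAN is 1"))
        if any(l.startswith("switchport voice vlan ") for l in lines):
            if "switchport port-security" not in lines:
                findings.append((name, "phone port without port security"))
            else:  # IOS default maximum is 1 secure MAC address
                limit = next((int(l.split()[-1]) for l in lines
                              if l.startswith("switchport port-security maximum ")), 1)
                if limit < phone_mac_limit:
                    findings.append((name, f"port-security maximum {limit} < {phone_mac_limit}"))
        # Heuristic: an IP address on the VLAN 1 interface means management in VLAN 1.
        if name.lower() == "vlan1" and any(l.startswith("ip address ") for l in lines):
            findings.append((name, "management IP on VLAN 1"))
    return sorted(findings)

if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```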
