LAN Security - VLANs, etc.

andy-gerace
Level 1

From this: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

They mention several threats that I thought I would protect my network against. I have a few questions for anybody who can answer them.

1. They mention using port security to prevent a MAC flood. Problem is that on my 6513 it says that it can only learn 1024 MAC addresses when I apply port security. This is not enough for the "specified" 3 per port when using IP phones. Any idea how to get around that?

2. The document mentions to turn off native VLANs to prevent a "nested VLAN" attack. Problem is that when I turn off native VLANs for my Aironet 1200 APs they stop passing traffic. Also, on my other trunk links - it just makes the native VLAN = VLAN 1. Isn't that a bigger threat?

3. On that note - how do I change the management VLAN to be something OTHER than 1?

THANKS to anybody who can answer either all or part of my concerns.

1 Reply

wong34539
Level 6

This is regarding your question on changing the management VLAN in a wireless LAN.

You can define static management interface parameters using the configuration wizard. You can also verify or change management interface parameters by following these steps:

Step 1 Enter show interface detailed management to view the current management interface settings. Note that the Management Interface uses the controller's burned-in MAC address.

Step 2 Enter config wlan disable wlan-number to disable each WLAN that is enabled.

Step 3 Enter these commands to define management interfaces:

config interface address management ip-addr ip-netmask [gateway]

config interface vlan management {vlan-id | 0}

Enter 0 for untagged.

config interface port management physical-ds-port-number

config interface dhcp management ip-address-of-primary-dhcp-server [ip-address-of-secondary-dhcp-server]

config interface acl management access-control-list-name

Note To create ACLs, follow the instructions in the controller online help.

Step 4 Enter show interface detailed management to verify that the controller saved your changes.

For further info on this, visit the following URL.

http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00804ddded.html