Cisco Support Community

New Member

Putting a switch into a DMZ

Are there any rules on configuring a switch (L2 or L3) that will be used to create a DMZ?

Setting off the telnet config to the router is one thing I did, also the necessary passwords.

But are there any other configs to "harden" the switch?

Thanks for the help.


Re: Putting a switch into a DMZ

This might help:



New Member

Re: Putting a switch into a DMZ

What you might consider to do that I can think of right away:

1. no ip address set on any interface

2. log to file on the flash so you have a log even if it's rebooted

3. transparent VTP mode.

4. disable spanning-tree on vlans so it won't block a port if someone manages to send a BPDU (dunno how, but better safe than sorry, hehe)

5. disable cdp

6. set port-security on ports to limit number of MAC addresses per port

Please feel free to fill in with additions/comments.
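An added example, not part of the reply above: a small Python audit that reads an IOS-style running-config and reports which of the six listed items are missing. The sample config, the interface names and the `audit` / `parse_interfaces` helpers are constructed for illustration and assume Catalyst IOS command syntax.

```python
import re

# Constructed sample running-config (not from the thread); values are illustrative.
SAMPLE_CONFIG = """\
hostname dmz-sw1
vtp mode transparent
no cdp run
logging file flash:syslog.log 65536 informational
no spanning-tree vlan 10
!
interface Vlan1
 no ip address
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
!
interface FastEthernet0/2
 switchport mode access
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    return interfaces

def audit(config):
    """Check the six items from the reply; {item: findings}, empty list = pass."""
    glob = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    ifs = parse_interfaces(config)
    access = {n: c for n, c in ifs.items() if "switchport mode access" in c}
    return {
        "1 no ip address": [n for n, c in ifs.items() if any(re.match(r"ip address \S", x) for x in c)],
        "2 log to flash": [] if any(l.startswith("logging file flash:") for l in glob) else ["no 'logging file flash:' line"],
        "3 vtp transparent": [] if "vtp mode transparent" in glob else ["vtp mode is not transparent"],
        "4 spanning-tree off": [] if any(l.startswith("no spanning-tree vlan") for l in glob) else ["spanning-tree not disabled on any vlan"],
        "5 cdp disabled": [] if "no cdp run" in glob else ["cdp still running"],
        "6 port-security": [n for n, c in access.items() if "switchport port-security" not in c],
    }
```

On the sample, only item 6 reports a finding (`FastEthernet0/2` is an access port without port-security); feed it the output of `show running-config` saved to a file to check a real switch.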

New Member

Re: Putting a switch into a DMZ

Thanks for the info.

Nr 6 is indeed a very good tip. I already installed nr 1-5.
