I am running a core 4006 with 15 3548/3550/3560 edge switches - I am starting to move everything out of vlan1 and create dedicated vlans for everything - I am now working on the management of switches I have created a management vlan vlan800 on the core and then disabled vlan1 on a 3550 created ip interface of vlan800 and am now manageing the switch on the new vlan address.
no ip address
ip address 10.*.*.1 255.255.0.0
I know I am going in the right direction but can't seem to find a definitive "how to secure your switched network best practice " document on cisco.com
Can anyone please advise if such a document exists.
I do not think that changing the management vlan is a part of security on switch netwok.
When I think of security I think of network with well defined subnets as per design and requirement and proper vlans for those subnet. Breaking the layer 2 switch network into vlans comes as a part of switched security.
Also applying port securities is very important part of switch secure network.
Some layer 2 switches also support ACLs and higher model switches also supports Private vlans for security
Also read this doc from Cisco "Network Security Policy: Best Practices White Paper"
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...