Layer 2 edge switch management

A layer 2 edge switch between an Internet router and the outside interface of a firewall could have a public IP address for the vlan interface for switch management. Another setup is to assign a private IP address from the internal management vlan to the vlan interface of the edge switch. Then assign a port in the management vlan on the edge switch and connect that port with a network cable to a port on the management vlan on the management switch on the inside of the firewall. This setup will only work if both switches are physically close enough. Which is more secure? Is there another option or what is the best security practice for in-band management on an Internet edge switch?

Thanks,

RJ
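As an added illustration of the second setup described in the question (this is example configuration written for this thread, not configuration posted by RJ, by any of the repliers, or by Cisco), here is a sketch of an IOS-style configuration for the edge switch: the only IP address on the switch sits on an SVI in a private management VLAN, one access port in that VLAN is cabled to the inside management switch, the transit VLAN between the router and the firewall has no SVI at all, VTY access is limited to SSH from the management subnet, and syslog is sent to a collector reachable through the management VLAN. Hostnames, VLAN numbers, port numbers, addresses and the syslog host are constructed placeholders.

```cisco
! Constructed example: layer 2 edge switch with in-band management
! restricted to a private management VLAN (not from the original thread).
hostname edge-sw1
!
vlan 10
 name TRANSIT-ROUTER-FW
vlan 99
 name MGMT
!
! Transit ports: Internet router and firewall outside interface.
! Layer 2 only; no SVI is ever created for VLAN 10.
interface GigabitEthernet0/1
 description To Internet router
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description To firewall outside interface
 switchport mode access
 switchport access vlan 10
!
! Dedicated port cabled to the inside management switch (management VLAN only).
interface GigabitEthernet0/24
 description To inside management switch
 switchport mode access
 switchport access vlan 99
!
! Unused ports shut down so nothing else can join either VLAN.
interface range GigabitEthernet0/3 - 23
 shutdown
!
! The switch's only IP address: a private address in the management VLAN (placeholder).
interface Vlan99
 description Management SVI
 ip address 10.99.0.11 255.255.255.0
!
ip default-gateway 10.99.0.1
!
! Only hosts on the management subnet may open a VTY session; everything else is logged and dropped.
ip access-list standard MGMT-ONLY
 permit 10.99.0.0 0.0.0.255
 deny any log
!
username netadmin privilege 15 secret REPLACE-WITH-REAL-SECRET
!
line vty 0 15
 access-class MGMT-ONLY in
 transport input ssh
 login local
 exec-timeout 10 0
!
! Syslog goes to a collector inside the management VLAN (placeholder address).
logging host 10.99.0.50
logging trap informational
```

Two things worth checking after applying something like this: `show ip interface brief` should list Vlan99 as the only interface with an address, and a connection attempt to the SVI from anywhere outside 10.99.0.0/24 should produce a deny log entry rather than a login prompt. The dedicated cable does mean the edge switch's management VLAN is bridged straight into the inside management network without passing through the firewall, which is exactly why the first reply prefers a console server and no management IP at all for public-facing devices.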

7 REPLIES

Re: Layer 2 edge switch management

Our security policy dictates no management IP, so we use a console server to manage all public facing devices. Otherwise your second scenario is probably a hair safer than using a public IP.

New Member

Re: Layer 2 edge switch management

Thanks for the reply. So how do you monitor the switch (i.e. syslogs)?

Re: Layer 2 edge switch management

Either through a firewall, or in certain devices we're not allowed to :-(

New Member

Re: Layer 2 edge switch management

Is there a document for security best practices on Internet edge device monitoring?

Re: Layer 2 edge switch management

I don't know of any from Cisco, but the gov't has some.

http://iase.disa.mil/ditscap/ditscap-to-diacap.html#diacap

HTH and please rate if it does.

New Member

Re: Layer 2 edge switch management

I am not sure what document you are suggesting.

Re: Layer 2 edge switch management

Probably because I gave you the wrong link!

http://iase.disa.mil/stigs/stig/

About halfway down you should see Network.
