02-16-2011 12:54 AM - edited 03-10-2019 05:49 PM
Hi all,
Perhaps a stupid question but I find myself unable to find a satisfying answer.
We have a couple of 3560 switches, all connected to a 3750 stack. One of those 3560 switches is in a semi-open place and I have been asked if that could be considered a security risk. Of course, it being in an open place is a risk, but if someone were to unplug the trunk connection to our stack and then plug it in another switch, what would happen?
Should/could we authenticate trunk ports/channel-groups? I have all switches configured to authenticate ssh login and network (mac based) against a radius server, but I have not configured authentication on the trunk ports as I have found descriptions that dot1x cannot be enabled on trunk ports.
Thanks in advance
Chris
02-19-2011 11:50 PM
Hello
I would suggest the following:
>> Arrange for some physical enclosure (locked) or any other physical security control to ensure authorized access to the device. Any technical work-around or band-aid solution should only be temporary. What if someone just switches off your switches? DoS attack!! This could also be done by mistake, resulting in an unstructured threat.
>> Enable monitoring for these switches (ICMP, SNMP) so that you are alerted when they are unplugged.
>> Change the NATIVE VLAN from the default (VLAN 1)
>> Disable Trunk negotiation (ON mode)
Regards
Farrukh
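The last two recommendations in the reply above (non-default native VLAN, trunk negotiation disabled) can be checked against a saved running-config. The following is an added example, not part of the original thread: the sample config and the `audit_trunks` helper are constructed for illustration, and ports with no explicit `switchport mode` line are not evaluated.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 switchport mode access
!
"""

def audit_trunks(config):
    """Return {interface: [findings]} for ports that are or can become trunks."""
    findings = {}
    # Split into stanzas; each one starts with an unindented "interface" line.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        lines = [line.strip() for line in stanza.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        body = lines[1:]
        dynamic = any(l.startswith("switchport mode dynamic") for l in body)
        static_trunk = "switchport mode trunk" in body
        if not (dynamic or static_trunk):
            continue  # explicit access port, or no mode line: outside this check
        issues = []
        if dynamic:
            issues.append("DTP dynamic mode: trunk can be negotiated")
        elif "switchport nonegotiate" not in body:
            issues.append("trunk is ON but DTP frames are still sent")
        native = [l.split()[-1] for l in body if l.startswith("switchport trunk native vlan ")]
        if not native or native[0] == "1":
            issues.append("native VLAN is the default (VLAN 1)")
        if issues:
            findings[name] = issues
    return findings
```

On the constructed sample, only GigabitEthernet0/2 passes both checks; it carries `switchport mode trunk`, `switchport nonegotiate` and a non-default native VLAN.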