01-29-2022 11:18 PM
Dear Gentlemen,
I kindly need your support on our setup connecting a Media Converter to a Cisco Switch 9300. Is there any security risk in this setup? The connection between the MC and the switch is configured as an access port, because if it is configured as trunk/uplink it is unable to communicate.
In addition, I need to know if there is a secured connection this way.
Also, the Network Team is not allowing this setup. Can somebody give an answer why it is not allowed?
Thanks in advance!
01-29-2022 11:55 PM
I agree with your security department. In this generation dumb switches are almost gone; instead, you have managed switches, which are an easy way to secure the network. One should think about cost vs. security: once a breach takes place, the whole network will be down due to one small mistake of introducing a dumb switch into the network.
Still, if you are forced to use it at risk, you can request the security team to apply port security (this will need a bit of management):
(config)#interface ten1/1/1 or gi1/1/1
(config-if)#switchport port-security
(config-if)#switchport port-security maximum 3 (this means allow only 3 MAC addresses on the port)
There is a good published test of a switch with an unmanaged switch:
https://packetpushers.net/fun-with-unmanaged-switches-port-security/
01-30-2022 09:39 AM
Hello,
--> Also, the Network Team is not allowing this setup. Can somebody give an answer why it is not allowed?
What reasons does the network team give for not allowing this topology? If you want this to be a secure connection, what do you want to be protected against? Rogue DHCP servers can be an issue, so can MAC spoofing. Typically, DHCP Snooping, IP Source Guard and Dynamic ARP Inspection can be configured on the 9300. It would be interesting to see what is currently configured on the 9300, and what additional features you are allowed to add.
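Added example, not part of the thread or any poster's code: a Python check that reads a saved `show running-config` and lists, for each access port, which of the four controls named in the replies (port security, DHCP Snooping, IP Source Guard, Dynamic ARP Inspection) are not configured. The sample config, its VLAN numbers and interface names are constructed, and the function names are hypothetical.

```python
import re
# Constructed running-config excerpt; VLANs and interface names are assumptions.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security maximum 3
 switchport port-security
interface GigabitEthernet1/0/2
 switchport mode access
interface TenGigabitEthernet1/1/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config + "\n", re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in blocks}

def vlans_enabled(config, feature):
    """VLAN ids from global lines such as 'ip dhcp snooping vlan 10,20-22'."""
    vlans = set()
    for spec in re.findall(rf"^{feature} vlan ([\d,-]+)$", config, re.M):
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_access_ports(config):
    """Return {access port: [controls not found]} for the four features."""
    snooping_on = re.search(r"^ip dhcp snooping$", config, re.M)  # global enable
    snoop = vlans_enabled(config, "ip dhcp snooping") if snooping_on else set()
    dai = vlans_enabled(config, "ip arp inspection")
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" in cmds:  # trunks and other modes are skipped
            vlan = next((int(c.split()[-1]) for c in cmds
                         if c.startswith("switchport access vlan ")), 1)
            checks = {
                "port security": "switchport port-security" in cmds,
                "DHCP snooping": vlan in snoop,
                "IP Source Guard": any(c.startswith("ip verify source") for c in cmds),
                "Dynamic ARP Inspection": vlan in dai,
            }
            report[name] = [k for k, ok in checks.items() if not ok]
    return report
```

Calling `audit_access_ports(SAMPLE_CONFIG)` reports only IP Source Guard as missing on GigabitEthernet1/0/1 and all four controls as missing on GigabitEthernet1/0/2, which falls back to VLAN 1.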