07-28-2017 07:15 AM - edited 02-21-2020 06:12 AM
Hello all,
I have always read that it is the best security practice to put unused ports on a switch/router into the shutdown state. However, at work they put them in an unused VLAN which serves just this purpose.
The only config on that interface:
#switchport mode access
#switchport access vlan 111
By the way, VLAN 111 is active.
I searched a lot on this topic but still do not have the answer. Is it a good security practice? And is it better than shutting down the ports?
Thank you very much for any help :)
08-05-2017 11:47 PM
Personally I would shut them down. It's no more effort to enable versus change their VLAN when they are in use. In fact, you could argue 'no shut' is easier to type than 'switchport access vlan xx' :-)
I know in the case of auditors, they say ports should be disabled when not used. Some companies, and more highly restricted networks, specify that ports are not only shut down, but their network ports are completely unpatched from the switch as well.
Back in the day of 'vlan hopping', shutdown was certainly the best method. I'd stick with it.
08-11-2017 02:54 PM
Hi,
Shutdown is the best and most secure option.
If VLAN111 is enabled, users can abuse that VLAN to create their own uncontrolled private network.
Just my 2 cents.
S.O.