
Ideas to Secure 3750G @ L2

dmoorefnlc
Level 1

Topology is

Internet--ISP switch--802.1q Trunk--Cat3750g---Firewall

My switch is directly on the internet. I am wanting some ideas as to how to secure it.

The 3750g is doing layer 2 to the ISP switch. I want to pull SNMP from the switch thru the firewall and allow telnet/ssh from firewall to 3750G.

In the past I have used a Layer 3 ACL that allows only a specific IP subnet access to SNMP and to the VTY ports.

But since my switch is Layer 2 I am somewhat stumped as to how I can apply and use a Layer 2 ACL to do the same things.

The 3750G guide to using L2 ACLs didn't help.

Thanks

3 Replies

r.sneekes
Level 1

Why wouldn't u be able to use vty access-list on this switch?

In fact u can use these vty and snmp access-lists on all Cisco l2 or l3 switches. All that is needed is an IP address on the switch for management purposes.

paddyxdoyle
Level 6

Hi,

The fact that you are not using layer 3 routing on your switch doesn't mean you can't use a layer 3 access list to protect your switch.

All switches have the ability to create a layer 3 management interface, and thus you can use an access-list to secure this interface and also a similar access list to provide SNMP filtering.

HTH

Paddy

Thanks! Guess I overanalyzed at the l2 level to the point of the absurd. ;)

Guess those 24 wine coolers over the weekend killed a lot more brain cells than I thought. ;)
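
The approach suggested in the replies (a management IP address on the Layer 2 switch, with one standard ACL applied to both the vty lines and SNMP), written out as an IOS configuration sketch. This is an added example, not configuration posted by anyone in the thread; VLAN 99, the 192.0.2.0/24 addresses, ACL number 10 and the community string are placeholders.

```cisco
! Added example. VLAN 99, 192.0.2.x, ACL 10 and the community string
! are placeholders, not values from the thread.
!
! Management SVI: gives the Layer 2 switch an IP address used only
! for management traffic arriving from the firewall side.
interface Vlan99
 description Management (reached through the firewall)
 ip address 192.0.2.2 255.255.255.0
 no shutdown
!
! The switch is not routing, so replies to management stations on
! other subnets leave via the firewall.
ip default-gateway 192.0.2.1
!
! Standard ACL listing the only sources allowed to manage the switch.
! The explicit deny with "log" records rejected attempts.
access-list 10 remark Management sources behind the firewall
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny   any log
!
! SNMP: read-only community, answered only for sources matching ACL 10.
snmp-server community REPLACE-WITH-COMMUNITY RO 10
!
! Remote login: every vty line accepts connections only from ACL 10
! sources. SSH only is shown here; the original post also mentions
! telnet, which would need "transport input telnet ssh".
line vty 0 15
 access-class 10 in
 transport input ssh
```

`show access-lists 10` displays per-entry match counters, which confirms that permitted management traffic is hitting the permit line and shows how often other sources are being denied.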