protecting my layer 2 network

mschomburg (Level 1)

Part of my network consists of 2950 10/100 ports that are leased to convention center guests, which I have very little control over. Until recently my interface config was very simple:

interface FastEthernet0/1
 no ip address
 spanning-tree portfast

In working through an H.323 video problem with a guest, he commented that he could easily hijack my spanning-tree topology. After some research I am contemplating adding the following commands:

 no cdp enable
 switchport mode access
 spanning-tree bpduguard enable

Does anyone have suggestions about these or other methods to secure my layer 2 topology? TIA.

2 Replies

david.bradley (Level 1)

This guest has connections to more than one switchport? You could use BPDU filter to stop both incoming and outgoing BPDUs on the port.

Dave

milan.kulik (Level 10)

Hi,

What about port security (http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/swtrafc.htm#wp1038501), if you know the MAC addresses of the connected devices, or 802.1X (http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12120ea2/2950scg/sw8021x.htm)?

There should also be L2 NAC (Network Admission Control) available in the near future...

Regards,

Milan
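Pulling the thread together, the following is an added example (not posted by anyone in this thread and not Cisco's own sample) of a hardened access-port template for a leased guest port on a Catalyst 2950. It combines the three commands the original poster was considering with the port-security suggestion from the last reply. The interface number, the guest VLAN (200), the MAC-address limit and the timer values are assumed for illustration; 802.1X is left out because it needs a RADIUS server and guest credentials the poster does not control.

```cisco
! Added example, not from the thread: guest access-port template for a Catalyst 2950.
! VLAN 200, the interface number, MAC limit and timers are assumed values.
!
! --- global settings ---
! Every portfast port also gets BPDU guard, so a newly provisioned guest port
! cannot be forgotten; a port that receives any BPDU is err-disabled.
spanning-tree portfast bpduguard default
! Let a tripped port come back on its own after 5 minutes instead of waiting
! for a manual "shutdown" / "no shutdown" (the syslog message still records it).
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! --- per-port template for a guest-facing 10/100 port ---
interface FastEthernet0/1
 description Guest lease port (assumed)
 no ip address
 ! Fixed access port in a dedicated guest VLAN (assumed 200; never VLAN 1),
 ! with DTP disabled so a guest device cannot negotiate a trunk.
 switchport mode access
 switchport access vlan 200
 switchport nonegotiate
 ! Stop advertising switch model, IOS version and management IP to the guest.
 no cdp enable
 ! No downstream switches are expected here: forward immediately and
 ! err-disable the port the moment a BPDU arrives.
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! Guest MACs are unknown, so no static entries: just cap the number of
 ! source addresses. "restrict" drops extra sources and counts violations
 ! rather than shutting the port; inactive entries age out after 10 minutes.
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 10
 switchport port-security aging type inactivity
!
! --- verification ---
! show spanning-tree summary              (confirms "Portfast BPDU Guard Default" is enabled)
! show interfaces status err-disabled     (lists ports tripped by a received BPDU)
! show port-security interface fa0/1      (learned MAC count and violation counter)
```

The template uses BPDU guard rather than BPDU filter on purpose: guard err-disables the port and logs the event, so a guest device that starts sending BPDUs becomes visible in syslog and in `show interfaces status err-disabled`, whereas filter silently discards the frames and leaves no trace of the attempt. The `errdisable recovery` lines keep that visibility without turning every incident into a help-desk call.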