Re: IGX / BPX / MGX

fredvas · ‎09-27-2004

Could any one tell me if there is any kind of best practice related to WAN Switches (such as IGX, BPX and MGX) security. ?

umedryk · ‎10-01-2004

Best practices of 5500 switch, if that could help, is discussed in this link: http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml

mimooney · ‎10-05-2004

Hi! I can help you with this. There are only 2 real issues to be concerned with as far as security is concerned on the IGX/BPX/MGX switches. You are concerned with default passwords being used when telnet or dialup is available to the switch, and SNMP access to the switches. Default passwords are floating out in the world and need to be changed. StrataCom user password is not commonly known, and you may not have access to it either, but if you do, change it. Also, SNMP can be used to write changes, retrieve stats files, etc, and needs to be changed to be secure. If you use Cisco WAN Manager, there are several places that the SNMP string to communicate with the switches will need to be changed.

Also, one last thing I thought of. TFTP is used to push software and firmware updates, as well as database topology (save files), to the switches. I would restrict TFTP access to the switches to only the Cisco WAN Manager server if possible. Good luck!

Email me if you have any further questions!

Mikhail Mooney

WAN CCIE #6692

mmooney@cisco.com

fredvas · ‎10-05-2004

Hi Mikhail Mooney,

I really apreciated your help. Thanks a lot for your concern...

Regards Fred Vasconcelos