cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
901
Views
0
Helpful
2
Replies
Highlighted
Beginner

Securing SG300 28P PoE Swtich.

Greeting's, I would like to start by apologizing. I have absolutely no knowledge in switch security management but I've been tasked with it given the shortage of personnel. I have a SG300-28P-PoE switch that needs to be securely configured. I've done the basics of upgrading the firmware to the latest. Given my lack of any experience whatsoever, please include complete procedures (hand holding, I'm sorry).

 

I wanted step-by-step guidance of:

1. Locking down ports by MAC address.

2. DDoS protection.

3. Lock down login from all but 1 IP and only allow browser based SSL login. No TELNET, SSH or other method.

4. Shutting down any services on the switch.

 

Any other recommended security steps to secure the switch.

 

Thanking in advance,

Parth

 

2 REPLIES 2
Highlighted
Contributor

Sorry no time for hand holding today ;) but I want to refer you here: http://sbkb.cisco.com/

I think you can find step by step instructions with screenshots for everything on your list.

 

Item 1 is called "port security" so search for that.   #2 search for "DOS"

 

Good luck!

-- please remember to rate and mark answered helpful posts --
Highlighted
Beginner

Hello Parth,

Thank you for using the Cisco Small Business forums. I am a eContent developer and part of the Small Business Support Community.

Looking over the questions that you've asked, I found a few articles that might help you with the configuration changes you'd like to make:

As Brandon mentioned, the Knowledge Base contains many documents with step-by-step procedures and screenshots for common tasks. Port-security is an excellent solution for the first problem. You can configure ports to lock down when a MAC address is changed:

Port Security

 

The SG300 security suite has many options for protecting against DDOS attacks:

DDOS

 

In regards to disabling/enabling services and restricting access to the web console, this article provides some guidance (uncheck the services that you do not wish to use-- in relation to your question, uncheck all except HTTPS):

Enabling SSH/Telnet/HTTP

 

I hope that these articles help to answer your question. Please remember to mark this question as answered and rate it if it helps to address your issue so other users can benefit from it, and feel free to ask any further questions you might have!

 

Best,

Gunner Grim

Cisco eContent Developer