
DMZ switch standard configuration

Sagar Hiremath
Level 1

Hi Team,

I'm currently working on creating a standard configuration for the switches that connect to the firewalls (the DMZ switch). Can you please suggest which commands would be considered the most important in this scenario, apart from the usual access and trunk ports?

Also, please provide any reference page where I can find the recommended configurations.

Your insights will be much appreciated!

Regards,

Sagar Hiremath

1 Accepted Solution

STEPAN JANKOVIC
Level 1

Hello,

A DMZ switch usually provides the same level of connectivity services as other switches. So if you are able to properly configure "trunks and access ports" and EtherChannels (there are some best practices), you will be able to provide the basic function. I am sure that your switch will be configured only for L2, no routing.

What is an additional factor in a DMZ is security. You have to protect the switch from being accessible from untrusted or potentially insecure networks. You have to protect management connectivity by securing access to the VTY lines with access-lists, limiting connectivity to trusted management networks and using only secure protocols. This is only the base requirement. You should also protect the data plane against unwanted traffic. There is a lot that can be done to "harden" a Cisco device. You should start here:

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

Good luck!

Stepan
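A minimal Cisco IOS baseline that puts Stepan's points into configuration form (a single management SVI, a VTY access-list, SSH only, and a few data-plane guards on the server-facing and firewall-facing ports). This is an added example, not code from the original post or from the linked Cisco guide; the hostname, VLAN IDs, addresses and interface numbers are constructed placeholders.

```cisco
! Added example, not from the original thread. Names, VLAN IDs,
! addresses and interface numbers are constructed placeholders.
hostname DMZ-SW01
no ip routing
! Single management SVI on a dedicated VLAN; keep VLAN 1 shut.
vlan 999
 name MGMT
interface Vlan1
 shutdown
interface Vlan999
 description Management only, reachable from trusted mgmt network
 ip address 10.255.0.10 255.255.255.0
 no ip proxy-arp
ip default-gateway 10.255.0.1
! Only the trusted management subnet may open a session to the VTYs.
ip access-list standard MGMT-ACCESS
 permit 10.255.0.0 0.0.0.255
 deny   any log
! Secure management protocols only: SSHv2, no telnet, no HTTP.
ip domain-name dmz.example.internal
crypto key generate rsa modulus 2048
ip ssh version 2
no ip http server
no ip http secure-server
service tcp-keepalives-in
username netadmin privilege 15 secret <PLACEHOLDER-STRONG-SECRET>
line vty 0 15
 access-class MGMT-ACCESS in
 transport input ssh
 exec-timeout 5 0
 login local
! Data plane: server-facing ports are access ports with no DTP,
! no BPDUs accepted, and a MAC limit to flag rogue devices.
interface range GigabitEthernet1/0/1 - 20
 switchport mode access
 switchport access vlan 100
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security
! Firewall-facing trunk: explicit VLAN list, no VLAN 1, no DTP.
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,110
 switchport nonegotiate
```

The `deny any log` entry makes refused management attempts visible in syslog, which is the detection hook a DMZ switch should not be without.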


2 Replies


Thank you Stepan!

- Sagar Hiremath
