Layer 2 Trunk Port Security

csn000004
Level 1

Dear All,

I have a layer-2 link between our Primary and DR sites on which SAN data replicates. It has to be layer-2 due to a SAN limitation. It is running as a trunk and two VLANs are allowed. I need to enable the maximum security on that link. Can you please guide me on how to do that on trunk ports? Please help.

Below is the configuration on interface.

!
interface GigabitEthernet0/36
description MPLS 40Mbps testing link
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 597,598
switchport mode trunk
no cdp enable

2 Replies

devils_advocate
Level 7

You have already added a level of security by manually allowing only the VLANs which are needed.

I guess you could use the #switchport nonegotiate command to stop each side sending DTP messages but I am not sure if this is going to give you much extra security.

Port security tends to be used on Access Ports to restrict how many hosts and their associated MAC addresses can use that port but I am unsure if it works on a Trunk link? Would it be of much use on a Trunk link considering how many hosts and MAC addresses may need to go across it?
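A small audit of the posted interface block against the points raised in this reply (restricted allowed-VLAN list, DTP disabled with nonegotiate, CDP off), as an added example and not code from either poster. The native VLAN check is an extra hardening item not discussed in the thread, and VLAN 999 is an assumed unused VLAN.

```python
# Interface configuration from the original post (constructed copy for the audit).
POSTED_CONFIG = """\
interface GigabitEthernet0/36
 description MPLS 40Mbps testing link
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 597,598
 switchport mode trunk
 no cdp enable
"""

# Same interface with the hardening applied. Hypothetical target state;
# VLAN 999 is assumed to be an unused VLAN reserved for the native VLAN.
HARDENED_CONFIG = POSTED_CONFIG + """\
 switchport trunk native vlan 999
 switchport nonegotiate
"""


def parse_interface(text):
    """Return (interface name, list of stripped config lines) from an IOS interface block."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    name = lines[0].split(None, 1)[1]
    return name, lines[1:]


def audit_trunk(text):
    """Return a list of findings for a static trunk; an empty list means every check passed."""
    name, cfg = parse_interface(text)
    findings = []
    if "switchport mode trunk" not in cfg:
        return [f"{name}: not a static trunk, audit skipped"]
    # DTP keeps negotiating unless nonegotiate is set, even on a static trunk.
    if "switchport nonegotiate" not in cfg:
        findings.append(f"{name}: DTP still enabled, add 'switchport nonegotiate'")
    # With no allowed-vlan line (or an explicit 'all') every VLAN crosses the link.
    allowed = [l for l in cfg if l.startswith("switchport trunk allowed vlan")]
    if not allowed or allowed[-1].endswith(" all"):
        findings.append(f"{name}: allowed VLAN list is not restricted")
    if not any(l.startswith("switchport trunk native vlan") for l in cfg):
        findings.append(f"{name}: native VLAN left at default 1, move it to an unused VLAN")
    if "no cdp enable" not in cfg:
        findings.append(f"{name}: CDP still enabled on the link")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_trunk(cfg) or ["no findings"])
```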

Dear Laurie,

I am looking for some L2 tunnel which supports encryption as well, like L2TPv3. I haven't done it before in my career and am looking for some advice.