01-12-2015 08:26 AM - edited 03-07-2019 10:11 PM
Hi, one of our vendors is providing us a solution. They are installing their servers in our network, but not directly: they have a pre-configured switch that they want to trunk with our core network.
I need to know what port-level config I should be doing on my trunk ports connecting to their switch.
What sort of security measures should I put in place?
01-12-2015 09:08 AM
What vlan(s) are on the new switch ?
Is the switch a Cisco switch ?
Are you running VTP in your network ?
What version of STP are you running and what version are they running on their switch ?
Have you explicitly set one of your switches to be the STP root for all vlans in your network ?
Is there just going to be one connection to the new switch (whether that is a single link or an etherchannel) or are there going to be dual connections for redundancy ?
If it is going to be dual connected, what is it connecting to, i.e. -
a pair of core/distro switches running HSRP
a stack of switches
4500/6500s running VSS
etc.
Without knowing answers to all the above I would not be letting any vendor connect anything up to your network.
Jon
01-13-2015 06:35 AM
We created two VLANs on our core network switch, VLAN 33 and VLAN 34, and we are planning to allow the same over the trunk port to their switches.
Yes, the vendor switches are Cisco.
Yes, our core switch is the VTP server, and their end's VTP mode is transparent with a different domain name.
We are using PVST as STP.
Yes, the core switch is configured to be root for all VLANs with the lowest priority, that is 4096.
The connection will be an EtherChannel using LACP; my side is active.
Our end is a single core 6500 with 2 ports and their end a single 3750 with 2 ports, making the EtherChannel.
So what do you instruct in this scenario? :)
01-13-2015 07:01 AM
From your information you should be okay.
One thing I forgot to ask is who will be managing the switch once it is connected to your network ?
If you are not managing the switch then even though you have STP root set on your core an additional measure would be to enable root guard on the port connecting to the new switch.
Also only allow those specific vlans on the trunk connection.
If you aren't managing it then you also need to think about making sure that the vendor cannot access other parts of your network once they connect to the switch.
Jon
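The points in this answer (LACP EtherChannel with the core side active, only VLANs 33 and 34 allowed on the trunk, root guard on the port facing the unmanaged switch, and limiting what the vendor VLANs can reach) translate into the following core-side configuration. This is an added, constructed IOS example and not configuration from the original thread or from Jon; the interface names, port-channel number, native VLAN 999, and the 10.33.0.0/24 and 10.0.0.0/8 addresses in the ACL are assumptions and placeholders, and `switchport nonegotiate` plus the dedicated unused native VLAN are added precautions beyond what the thread states.

```text
! Core 6500 side: constructed example, not the poster's or Jon's configuration.
! Interface names, Port-channel 10, VLAN 999 and the IP ranges are assumptions.
vlan 33
 name VENDOR-SERVERS-A
vlan 34
 name VENDOR-SERVERS-B
vlan 999
 name UNUSED-NATIVE
!
interface range GigabitEthernet1/1 - 2
 description EtherChannel members to vendor 3750 (vendor-managed)
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 33,34
 switchport mode trunk
 switchport nonegotiate
 spanning-tree guard root
 channel-group 10 mode active
!
interface Port-channel10
 description LACP bundle to vendor 3750
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 33,34
 switchport mode trunk
 switchport nonegotiate
 spanning-tree guard root
!
! Keep the vendor VLANs away from the rest of the network: placeholder addresses.
ip access-list extended VENDOR-VLAN33-IN
 permit ip 10.33.0.0 0.0.0.255 host 10.33.0.1
 deny   ip 10.33.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.33.0.0 0.0.0.255 any
!
interface Vlan33
 ip address 10.33.0.1 255.255.255.0
 ip access-group VENDOR-VLAN33-IN in
!
! Verification after the vendor links come up
show etherchannel 10 summary
show interfaces port-channel 10 trunk
show spanning-tree inconsistentports
show spanning-tree vlan 33 detail | include root|Port-channel10
```

`show spanning-tree inconsistentports` is the check that matters for the root-guard point: if the vendor's 3750 ever sends a superior BPDU, Port-channel10 shows up there in a root-inconsistent state and stays blocked for that VLAN until the superior BPDUs stop, which is exactly the behaviour wanted for a switch someone else manages. The `allowed vlan 33,34` line plus the unused native VLAN keep the trunk from carrying any VLAN that was not deliberately handed to the vendor, and the SVI ACL is where "cannot access other parts of your network" is enforced; the addresses in it must be replaced with the real vendor and internal ranges.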
01-20-2015 04:21 AM
Hi Jon, thank you for your valuable information.
We are good after the new connection and followed your points as well.
Cheers.