Security for Cisco 3650 from Attack
06-07-2018 03:53 AM - edited 03-08-2019 03:17 PM
Hi, we are in the process of rebuilding our datacenter.
We are planning to use Cisco 3650 switches (WS-C3650-24TD-S, with UNIVERSAL IOS), which will handle the L2 role (only VLAN switching).
HL Network Diagram is attached below.
All devices have HA (two perimeter firewalls, two 3650 switches, 2 VMware host servers).
The internal/data-center firewall is a virtual firewall running on the VMware cluster, and it handles data-center inter-VLAN routing (VLAN 110, 120, 140).
So the Cisco 3650 only takes the Layer 2 role (VLAN tagging).
KINDLY HELP US / ADVISE HOW WE CAN PROTECT OUR INTERNAL SWITCH FROM ATTACK (like DoS / suggest possible protections for the internal switch in our design).
Labels: Other Switching
06-07-2018 05:16 AM
Hi,
You can:
- configure storm-control under the interfaces
- configure a CoPP policy: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/16-1/configuration_guide/b_161_consolidated_3650_cg/b_161_consolidated_3650_cg_chapter_010001101.pdf
Hope it is useful
:-)
>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<
06-07-2018 05:41 AM
In addition to what Julio said, you can harden your switch using different features like:
- storm-control
- CoPP policy for traffic
- Control-plane host to force only a dedicated interface as management with specific features.
- ....
Take a look at the official Cisco doc: https://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
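
Both replies recommend storm-control under the interfaces. As an added example (not code from the thread or from Cisco), this Python script audits a saved running-config and lists active Ethernet ports that have no storm-control for broadcast or multicast. The sample config, port names and threshold values are constructed assumptions.

```python
import re

# Constructed sample running-config (not from the thread); port names and
# storm-control thresholds are illustrative assumptions.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 storm-control broadcast level 1.00
 storm-control multicast level 2.00
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 storm-control broadcast level 1.00
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 shutdown
!
interface Vlan1
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a global command ends the block
    return interfaces

def audit_storm_control(config, required=("broadcast", "multicast")):
    """Return {interface: [missing traffic types]} for active Ethernet ports."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Gigabit|TenGigabit|Fast)?Ethernet", name) or "shutdown" in cmds:
            continue  # skip SVIs, loopbacks and admin-down ports
        missing = [t for t in required
                   if not any(c.startswith(f"storm-control {t} ") for c in cmds)]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    print(audit_storm_control(SAMPLE_CONFIG))
```
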
