06-07-2018 03:53 AM - edited 03-08-2019 03:17 PM
Hi, we are in the process of rebuilding our datacenter.
We are planning to use Cisco 3650 switches (WS-C3650-24TD-S, with UNIVERSAL IOS), which will handle the L2 role (only VLAN switching).
The HL network diagram is attached below.
All devices have HA (two perimeter firewalls, two 3650 switches, 2 VMware host servers).
The internal/data-center firewall is a virtual firewall running on the VMware cluster, and it handles data-center inter-VLAN routing (VLANs 110, 120, 140).
So the Cisco 3650 only takes the Layer 2 role (VLAN tagging).
KINDLY HELP US / ADVISE HOW WE CAN PROTECT OUR INTERNAL SWITCH FROM ATTACK (like DoS / suggest possible protections for the internal switch in our design)
06-07-2018 05:16 AM
Hi,
You can:
- configure storm-control under the interfaces
- configure a CoPP policy: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/16-1/configuration_guide/b_161_consolidated_3650_cg/b_161_consolidated_3650_cg_chapter_010001101.pdf
Hope it is useful
:-)
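To follow up on the storm-control suggestion above, this added example (not part of the original thread) audits a saved running-config and lists active Ethernet ports that lack a `storm-control ... level` line. The interface names, VLANs and thresholds in the sample are constructed, and requiring both broadcast and multicast limits is an assumption to adjust to your design.

```python
import re

# Constructed running-config excerpt (not from the original thread); interface
# names, VLANs and thresholds are assumptions for illustration.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description vmware-host-1
 switchport mode trunk
 storm-control broadcast level 1.00
 storm-control multicast level 2.00
 storm-control action trap
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 storm-control broadcast level 1.00
!
interface GigabitEthernet1/0/3
 switchport access vlan 110
!
interface GigabitEthernet1/0/24
 shutdown
!
interface Vlan1
 no ip address
!
"""

REQUIRED = ("broadcast", "multicast")  # assumed policy: both must be rate-limited


def audit_storm_control(config, required=REQUIRED):
    """Return {interface: [missing traffic types]} for active Ethernet ports."""
    findings = {}
    # Each interface stanza runs from "interface X" to the next "!" line.
    for name, body in re.findall(r"^interface (\S+)\n(.*?)^!", config, re.M | re.S):
        lines = [l.strip() for l in body.splitlines()]
        if "shutdown" in lines or "Ethernet" not in name:
            continue  # skip administratively disabled ports and SVIs
        seen = {m.group(1) for l in lines
                if (m := re.match(r"storm-control (\w+) level ", l))}
        missing = [t for t in required if t not in seen]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for port, missing in audit_storm_control(SAMPLE_CONFIG).items():
        print(f"{port}: no storm-control for {', '.join(missing)}")
```

Feed it the text of `show running-config` saved from each of the two switches so that both members of the HA pair are held to the same baseline.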
06-07-2018 05:41 AM