What else can I do to improve my network?

darren-carr
Level 2

Hi All,

I have recently been involved in a project to tidy up the network of my organisation. The following work has been carried out:

- tidied up all cabling (labelled, documented, etc)

- correctly configured all L2 configuration (STP, CDP, VTP, etc)

- configured HSRP between two routes for route redundancy

- implemented monitoring of the network

- documented all configurations (backups of configs stored off site - replicated each evening)

- removed unnecessary config from all switches

- standardised aaa security throughout the environment, with local fall back

- restricted access to the switches through ACLs and firewall policies

- configured logging for all devices to central server

- implemented NAC for switchports (access)

Is there anything else I should include?

Appreciate this is very high-level, just want to make sure we are delivering an optimal solution.

Cheers

Darren

2 Replies

Hitesh Vinzoda
Level 4

Hi Darren,

I have the following suggestions; see if they fit your requirements.

1. Protect SNMP RO and RW communities using access-lists.

2. DHCP snooping at layer 2

3. Dynamic ARP inspection at layer 2

4. IP source guard at layer 2

HTH

Hitesh Vinzoda

Pls rate useful posts.
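
The four suggestions in the reply above can be checked against the backed-up switch configs. The Python below is an added example, not part of the thread or any Cisco tool: it audits an IOS-style running-config for SNMP communities without an access-list and for access ports whose VLAN lacks DHCP snooping, dynamic ARP inspection or IP source guard. The sample config, interface names, VLANs and community strings are constructed.

```python
# Constructed sample running-config; every name, VLAN and ACL number is an assumption.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-RW RW
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 ip verify source
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 20
"""

def vlan_set(spec):  # expand an IOS VLAN list such as "10,20-22"
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):  # returns a list of findings; community strings are never echoed
    snoop_global, snoop, dai, findings = False, set(), set(), []
    ports, cur = {}, None  # interface name -> list of its sub-commands
    for n, line in enumerate(config.splitlines(), 1):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
            if line.strip() == "ip dhcp snooping":
                snoop_global = True
            elif line.startswith(("ip dhcp snooping vlan ", "ip arp inspection vlan ")):
                (snoop if "dhcp" in line else dai).update(vlan_set(line.split()[4]))
            elif line.startswith("snmp-server community "):
                extra = [t for t in line.split()[3:] if t.upper() not in ("RO", "RW")]
                if not extra or (extra[0] == "view" and len(extra) == 2):
                    findings.append(f"line {n}: SNMP community has no access-list")
    for name, cmds in ports.items():
        if "switchport mode access" in cmds:
            vlan = next((int(c.split()[-1]) for c in cmds if c.startswith("switchport access vlan ")), 1)
            checks = [(snoop_global and vlan in snoop, "DHCP snooping"),
                      (vlan in dai, "dynamic ARP inspection"),
                      (any(c.startswith("ip verify source") for c in cmds), "IP source guard")]
            findings += [f"{name} (VLAN {vlan}): {what} missing" for ok, what in checks if not ok]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags the RW community on line 5 and all three layer 2 protections on GigabitEthernet0/3; ports without an explicit access VLAN are treated as VLAN 1.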

Ganesh Hariharan
VIP Alumni

Hi Darren,

Check out the link below and the recommendations from Cisco for hardening switches and devices on the network.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post
