06-09-2010 10:01 PM - edited 03-06-2019 11:30 AM
Hi All,
I have recently been involved in a project to tidy up the network of my organisation. The following work has been carried out:
- tidied up all cabling (labelled, documented, etc)
- correctly configured all L2 configuration (STP, CDP, VTP, etc)
- configured HSRP between two routes for route redundancy
- implemented monitoring of the network
- documented all configurations (backups of configs stored off site - replicated each evening)
- removed unnecessary config from all switches
- standardised AAA security throughout the environment, with local fallback
- restricted access to the switches through ACLs and firewall policies
- configured logging for all devices to central server
- implemented NAC for switchports (access)
Is there anything else I should include?
Appreciate this is very high-level, just want to make sure we are delivering an optimal solution.
Cheers
Darren
06-10-2010 12:54 AM
Hi Darren,
I have the following suggestions; see if they fit your requirements.
1. Protect SNMP RO and RW communities using access-lists.
2. DHCP snooping at layer 2
3. Dynamic ARP inspection at layer 2
4. IP source guard at layer 2
HTH
Hitesh Vinzoda
Pls rate useful posts.
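A small audit of a saved switch configuration for the four suggestions in the reply above, as an added example that is not part of the thread. The sample config, community names and function names are constructed for illustration, and the parsing assumes IOS-style `show running-config` text.

```python
import re

SAMPLE_CONFIG = """\
! Constructed sample config (not from the thread): VLAN 10 hardened, VLAN 20 not
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
snmp-server community EXAMPLE-RO RO 10
snmp-server community EXAMPLE-RW RW
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ip verify source
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/24
 switchport mode trunk
"""

def vlan_set(config, prefix):
    # Expand VLAN lists such as '<prefix> 10,20-22' into a set of ints.
    vlans = set()
    for spec in re.findall(rf"^{re.escape(prefix)} ([\d,-]+)\s*$", config, re.M):
        for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", spec):
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return (target, issue) pairs for the four suggested controls."""
    findings = []
    # 1. Every SNMP community should carry an access-list (string is not echoed).
    for n, m in enumerate(re.finditer(r"^snmp-server community \S+(.*)$", config, re.M), 1):
        opts = re.sub(r"\bview \S+", "", m.group(1), flags=re.I).split()
        if not [o for o in opts if o.lower() not in ("ro", "rw")]:
            findings.append((f"snmp community #{n}", "no access-list"))
    # 2-4. Access ports: VLAN needs snooping and DAI, port needs ip verify source.
    snooping_on = re.search(r"^ip dhcp snooping\s*$", config, re.M)
    snoop = vlan_set(config, "ip dhcp snooping vlan") if snooping_on else set()
    dai = vlan_set(config, "ip arp inspection vlan")
    for block in re.findall(r"^interface .*(?:\n .*)*", config, re.M):
        vlan = re.search(r"^ switchport access vlan (\d+)", block, re.M)
        if "switchport mode access" in block and vlan:
            name, v = block.split()[1], int(vlan.group(1))
            checks = [(v in snoop, f"DHCP snooping off for VLAN {v}"),
                      (v in dai, f"ARP inspection off for VLAN {v}"),
                      ("\n ip verify source" in block, "IP source guard missing")]
            findings += [(name, msg) for ok, msg in checks if not ok]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one SNMP finding and three findings for GigabitEthernet0/2; the trunk port is skipped because only access ports are checked.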
06-10-2010 10:45 PM
Hi Darren,
Check out the link below and the recommendations from Cisco for hardening switches and devices on the network.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
Hope to Help !!
Ganesh.H
Remember to rate the helpful post