
How to secure link between switches in Layer2



What exactly does "limited trust" mean?

Are you worried they might sniff the data on the link, or?

If so, MACsec is really your only remedy.

On 3/25/2017 07:00 PM, Pedro wrote:
> Hello,
>
> Sometimes I have a situation where I have to extend my layer 2 (access, 
> trunk mode) network to third parties with limited trust. Sometimes 
> it's L2 MPLS links from an ISP (1x or 2x), sometimes it's just a colocated 
> switch. Mostly these are Juniper EX4200/4300 or Cisco 3750. Below 
> I put my config, but maybe I missed something important? Or should I 
> correct something?
>
> Thanks for help
>
>
> 1.
> If two p2p links: aggregation with LACP
>
> 2.
> STP/RSTP in portfast mode on access ports
> STP/RSTP without portfast mode on trunk ports
> RSTP root guard
>
> 3.
> on ports facing servers, in portfast mode, BPDU guard
> spanning-tree root guard
>
> 4.
> max number of MAC addresses, i.e. 100
> per port, per VLAN max MAC addresses
>
> 5.
> 802.1Q with VLANs, but not VLAN 1
>
> 6.
> broadcast storm for BUM packets: 10 pps
>
>
> 7.
> static IP - no DHCP servers/clients in VLANs
>
> 8.
> CPU monitoring with notification in, e.g., Zabbix
>
> 9.
> CDP disabled (if Cisco)
> DTP disabled (if Cisco)
>
> 10.
> eventually a policer per port or per VLAN.
>
>
>
> thanks in advance,
> Pedro
>
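The checklist above and the reply's point about MACsec can be turned into a quick audit of a switch's running config. The following Python script is an added example, not code from the original post or the reply: it parses a Cisco IOS-style `show running-config` text, and for each interface flags trunks without `switchport nonegotiate`, a native VLAN of 1, missing root guard, missing port-security MAC limit, missing broadcast storm control, portfast ports without BPDU guard, CDP left on, and trunks with no MACsec at all. The sample config embedded in it is constructed, and the mapping of each checklist item to an IOS command (in particular treating `macsec` or `cts manual` under the interface as "MACsec present") is an assumption for illustration; Junos syntax would need its own parser.

```python
"""Added example (not from the original post): audit a Cisco IOS-style
running config against the layer-2 hardening checklist from the thread.
The sample config is constructed; the mapping of each checklist item to an
IOS command, and the MACsec keywords looked for, are assumptions."""
import re
from typing import Dict, List

# Constructed sample: one hardened trunk, one unhardened trunk, one server port.
SAMPLE_CONFIG = """\
hostname edge-sw1
spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/0/1
 description uplink to third party (hardened)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
 switchport port-security maximum 100
 switchport port-security
 storm-control broadcast level pps 10
 spanning-tree guard root
 no cdp enable
!
interface GigabitEthernet1/0/2
 description uplink to third party (unhardened)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 description server
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
!
"""

# Assumption: MKA-based ("macsec") or manual-SAP ("cts manual") MACsec on the port.
MACSEC_PATTERNS = (r"^macsec", r"^cts manual")


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Return {interface name: [stripped stanza lines]} for each 'interface' block."""
    stanzas: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(" ", 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return stanzas


def audit_interface(lines: List[str], global_cdp_off: bool, bpduguard_default: bool) -> List[str]:
    """Return human-readable findings for one interface stanza (empty = passed)."""
    def has(pattern: str) -> bool:
        return any(re.search(pattern, ln) for ln in lines)

    findings: List[str] = []
    if has(r"^switchport mode trunk$"):
        if not has(r"^switchport nonegotiate$"):
            findings.append("DTP not disabled (missing 'switchport nonegotiate')")
        # Default native VLAN is 1 when no 'native vlan' line is present.
        native = next((ln.split()[-1] for ln in lines
                       if ln.startswith("switchport trunk native vlan ")), "1")
        if native == "1":
            findings.append("native VLAN is 1")
        if not has(r"^spanning-tree guard root$"):
            findings.append("no root guard on trunk")
        if not has(r"^switchport port-security maximum "):
            findings.append("no MAC address limit")
        if not has(r"^storm-control broadcast "):
            findings.append("no broadcast storm control")
        if not any(has(p) for p in MACSEC_PATTERNS):
            findings.append("no MACsec: the third party can sniff the link")
    if has(r"^spanning-tree portfast$") and not bpduguard_default \
            and not has(r"^spanning-tree bpduguard enable$"):
        findings.append("portfast without BPDU guard")
    if not global_cdp_off and not has(r"^no cdp enable$"):
        findings.append("CDP still enabled")
    return findings


def audit_config(config: str) -> Dict[str, List[str]]:
    """Audit every interface, honouring the global CDP and BPDU-guard settings."""
    global_lines = {ln.strip() for ln in config.splitlines() if not ln.startswith(" ")}
    cdp_off = "no cdp run" in global_lines
    bpduguard_default = "spanning-tree portfast bpduguard default" in global_lines
    return {name: audit_interface(lines, cdp_off, bpduguard_default)
            for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("   -", f)
```

Run against the constructed sample, the hardened trunk is left with a single finding, the missing MACsec, which is exactly the reply's point: every item on the checklist limits what a neighbouring switch can do to your spanning tree, MAC tables and CPU, but none of them stops it from reading the frames. Feed it real output from `show running-config` to get the same report for a production switch.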