How to secure link between switches in Layer2

Pedro piotr.1234 at interia.pl
Sat Mar 25 10:00:02 UTC 2017


Hello,

Sometimes I have a situation where I have to extend my layer 2 (access,
trunk mode) network to third parties with limited trust. Sometimes it's
L2 MPLS links from an ISP (1x or 2x), sometimes it's just a colocated switch.
Mostly these are Juniper EX4200/4300 or Cisco 3750. Below I put my
config, but maybe I missed something important? Or should I correct something?

Thanks for the help.


1.
If there are two p2p links: aggregation with LACP

2.
STP/RSTP in portfast mode on access ports
STP/RSTP without portfast mode on trunk ports
RSTP root guard

3.
on ports facing servers: portfast mode, BPDU guard
spanning-tree root guard

4.
max number of MAC addresses, e.g. 100
max MAC addresses per port per VLAN

5.
802.1Q with VLANs, but not VLAN 1

6.
storm control for BUM packets: 10 pps


7.
static IPs, no DHCP servers/clients in the VLANs

8.
CPU monitoring with notification, e.g. in Zabbix

9.
CDP disabled (if Cisco)
DTP disabled (if Cisco)

10.
optionally, a policer per port or per VLAN.



thanks in advance,
Pedro
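The ten points above, written out as a Catalyst 3750 IOS configuration. This is an added example for the reader, not configuration from Pedro's post or from anyone on the list. Interface numbers, VLAN IDs 100/200/999, the 192.0.2.10 Zabbix address, the MONITORING community string and the 10 Mbit/s policer rate are all assumptions; the numbered comments map each line back to the list item it implements.

```ios
! Catalyst 3750, IOS 12.2(55)SE-style syntax. All names, VLANs, addresses
! and rates below are assumptions chosen for illustration.
!
! --- global ---
spanning-tree mode rapid-pvst                 ! item 2: RSTP
no cdp run                                    ! item 9: CDP off box-wide
vlan dot1q tag native                         ! item 5: tag the native VLAN too, so untagged frames are not accepted
ip dhcp snooping                              ! item 7: with no port marked trusted, DHCP server replies are dropped on every port
ip dhcp snooping vlan 100,200
errdisable recovery cause bpduguard           ! item 3: bring a tripped server port back after 5 min
errdisable recovery interval 300
mls qos                                       ! item 10: MQC policing needs QoS on; NOTE: untrusted ports now rewrite DSCP to 0
!
! item 8: Zabbix polls CPU over SNMP; the switch also traps when the 5 s CPU average passes 80 %
access-list 10 permit host 192.0.2.10
snmp-server community MONITORING RO 10
snmp-server host 192.0.2.10 version 2c MONITORING
process cpu threshold type total rising 80 interval 5 falling 50 interval 5
snmp-server enable traps cpu threshold
snmp-server enable traps port-security
!
! item 10: per-port policer, rate in bit/s, burst in bytes (per-VLAN policing needs a
! hierarchical parent/child policy with "match vlan", not shown here)
ip access-list extended ALL-IP
 permit ip any any
class-map match-any THIRD-PARTY-IN
 match access-group name ALL-IP
policy-map THIRD-PARTY-INGRESS
 class THIRD-PARTY-IN
  police 10000000 250000 exceed-action drop
!
! --- item 1: two p2p L2 MPLS links from the ISP as one LACP bundle ---
interface range GigabitEthernet1/0/21 - 22
 description member of Po1 to ISP
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate                       ! item 9: no DTP on either member
 channel-group 1 mode active                  ! active = send LACPDUs, do not rely on the peer starting
 service-policy input THIRD-PARTY-INGRESS     ! item 10: policer goes on the physical members, not on Po1
!
interface Port-channel1
 description 2x L2 MPLS from ISP (LACP)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999             ! item 5: unused native VLAN, never VLAN 1
 switchport trunk allowed vlan 100,200        ! item 5: only what they need; VLAN 1 is not carried
 switchport mode trunk
 switchport nonegotiate
 spanning-tree guard root                     ! item 2: they may run STP, but can never become root
 storm-control broadcast level pps 10         ! item 6: propagates to the member ports
 storm-control multicast level pps 10
 storm-control action trap
!
! --- trunk toward the colocated switch (items 2, 4, 5, 6, 9, 10) ---
interface GigabitEthernet1/0/24
 description trunk to colocated switch (limited trust)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 100,200
 switchport mode trunk
 switchport nonegotiate                       ! item 9
 no cdp enable                                ! item 9
 spanning-tree guard root                     ! item 2
 switchport port-security                     ! item 4
 switchport port-security maximum 100         !   100 MACs on the port in total...
 switchport port-security maximum 50 vlan 100 !   ...and no more than 50 of them in VLAN 100
 switchport port-security violation restrict  !   drop the excess and trap, keep the link up
 storm-control broadcast level pps 10         ! item 6
 storm-control multicast level pps 10
 storm-control action trap
 service-policy input THIRD-PARTY-INGRESS     ! item 10
!
! --- item 3: server-facing access port ---
interface GigabitEthernet1/0/1
 description server
 switchport access vlan 100
 switchport mode access
 switchport nonegotiate
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable               ! any BPDU -> err-disable (root guard below never gets to act)
 spanning-tree guard root
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
```

Two things to check before copying this onto a real box: whether the running release allows port-security and service-policy on the Port-channel interface itself (here they sit on the physical ports to stay on the safe side), and whether `storm-control unicast` on this platform counts only unknown unicast or all unicast; that is why only the B and M of BUM are rate-limited above. The Junos equivalents on the EX4200/4300 (`ether-options 802.3ad`, `ethernet-switching-options secure-access-port` with `mac-limit`, `storm-control`, `no-root-port`, `bpdu-block`) are not shown.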
