How to secure link between switches in Layer2

Paul S. contact at winterei.se
Sat Mar 25 12:21:22 UTC 2017


What exactly does "limited trust" mean?

Are you worried they might sniff the data on the link, or?

If so, macsec is really your only remedy.

On 3/25/2017 07:00 PM, Pedro wrote:
> Hello,
>
> Sometimes I have a situation where I have to extend my Layer 2 (access, 
> trunk mode) network to third parties with limited trust. Sometimes 
> it's L2 MPLS links from an ISP (1x or 2x), sometimes it's just a colocated 
> switch. Mostly there are Juniper EX4200/4300 or Cisco 3750. Below 
> I put my config, but maybe I miss something important? Or should I 
> correct something?
>
> Thanks for help
>
>
> 1.
> If two p2p links: aggregation with LACP
>
> 2.
> STP/RSTP in portfast mode on access ports
> STP/RSTP without portfast mode on trunk ports
> RSTP root guard
>
> 3.
> on ports facing servers, in portfast mode, BPDU guard
> spanning-tree root guard
>
> 4.
> max number of MAC addresses, i.e. 100
> per port, per VLAN max MAC addresses
>
> 5.
> 802.1Q with VLANs, but not VLAN 1
>
> 6.
> broadcast storm for BUM packets: 10 pps
>
>
> 7.
> static IP - no DHCP servers/clients in VLANs
>
> 8.
> CPU monitoring with notification in e.g. Zabbix
>
> 9.
> CDP disabled (if Cisco)
> DTP disabled (if Cisco)
>
> 10.
> eventually a policer per port or per VLAN.
>
>
>
> thanks in advance,
> Pedro
>
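For readers who want to see the checklist above turned into actual switch configuration, here is a Catalyst 3750 (IOS 12.2SE) rendering of Pedro's ten items, added as an example; it is not Pedro's or Paul's configuration, and it adds one guard Pedro's list does not mention (DHCP snooping with no trusted ports, for item 7). Interface numbers, VLAN IDs 10/20/999, the SNMP community string, the Zabbix host 192.0.2.10, the management subnet 192.0.2.0/24 and the 50 Mbps policer rate are all placeholders. Nothing here encrypts or authenticates the frames on the wire; as Paul says, only MACsec does that, and this is purely control-plane and flooding hardening for the case where the third party is expected to misbehave rather than to eavesdrop.

```cisco
! ---- global (items 2, 3, 8, 9, 10) ----
spanning-tree mode rapid-pvst                   ! item 2: RSTP (per-VLAN flavour on Catalyst)
spanning-tree portfast bpduguard default        ! item 3: every portfast port automatically gets BPDU guard
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery cause storm-control
errdisable recovery interval 300
no cdp run                                      ! item 9: CDP off globally
mls qos                                         ! item 10: on a 3750 a "police" statement is ignored until QoS is enabled
!
vlan 10
 name SERVERS
vlan 20
 name THIRD-PARTY
vlan 999
 name UNUSED-NATIVE                             ! item 5: native VLAN that carries nothing, never VLAN 1
!
! item 8: CPU threshold trap plus SNMP read access for Zabbix (community and subnet are placeholders)
ip access-list standard MGMT-ACL
 permit 192.0.2.0 0.0.0.255
snmp-server community COMMUNITY RO MGMT-ACL
snmp-server host 192.0.2.10 version 2c COMMUNITY cpu
snmp-server enable traps cpu threshold
process cpu threshold type total rising 80 interval 5
!
! item 10: ingress policer applied to the third-party facing ports (50 Mbps, 1 MB burst are example values)
ip access-list extended ALL-TRAFFIC
 permit ip any any
class-map match-all CM-THIRD-PARTY
 match access-group name ALL-TRAFFIC
policy-map PM-THIRD-PARTY-IN
 class CM-THIRD-PARTY
  police 50000000 1000000 exceed-action drop
!
! ---- items 1, 2, 5, 6, 9: two p2p links to the ISP's L2 MPLS, bundled with LACP ----
interface range GigabitEthernet1/0/1 - 2
 description ISP L2 MPLS member link (limited trust)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20
 switchport mode trunk
 switchport nonegotiate                         ! item 9: no DTP
 no cdp enable                                  ! item 9: belt and braces on top of "no cdp run"
 channel-group 1 mode active                    ! item 1: LACP, active on our side
 storm-control broadcast level pps 10 5         ! item 6: on the physical members, not on Po1
 storm-control multicast level pps 10 5
 storm-control action trap
 service-policy input PM-THIRD-PARTY-IN         ! item 10: QoS policies attach to physical ports on a 3750
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20
 switchport mode trunk
 switchport nonegotiate
 spanning-tree guard root                       ! item 2: trunk, so no portfast; root guard on the logical link
!
! ---- items 2, 4, 5, 6, 9: single trunk to a colocated third-party switch ----
interface GigabitEthernet1/0/3
 description colo switch (limited trust)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20
 switchport mode trunk
 switchport nonegotiate
 no cdp enable
 spanning-tree guard root                       ! item 2: no portfast on a trunk, root guard instead
 switchport port-security                       ! item 4: 100 MACs on the port and 100 per VLAN
 switchport port-security maximum 100
 switchport port-security maximum 100 vlan 20
 switchport port-security violation restrict    ! drop and count rather than errdisable the whole link
 storm-control broadcast level pps 10 5         ! item 6
 storm-control multicast level pps 10 5
 storm-control action trap
 service-policy input PM-THIRD-PARTY-IN         ! item 10
!
! ---- item 3: server-facing access port ----
interface GigabitEthernet1/0/10
 description server
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 spanning-tree portfast                         ! item 3: edge port; BPDU guard comes from the global default
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 storm-control broadcast level pps 10 5
!
! ---- item 7 (beyond Pedro's list): no ports are trusted, so any DHCP server the third party attaches is dropped ----
ip dhcp snooping
ip dhcp snooping vlan 10,20
no ip dhcp snooping information option
```

Three caveats a practitioner would want before copying this. A broadcast threshold of 10 pps is very low: normal ARP on a busy VLAN can exceed it and errdisable or trap the uplink, so measure with `show storm-control` before settling on a number. Root guard on an ISP L2 MPLS link assumes the carrier forwards BPDUs transparently, which makes both ends one STP domain; if you would rather not participate in the remote side's spanning tree at all, that is a design decision, not a one-line fix, because BPDU guard on the uplink would errdisable it the moment the far switch speaks. Port security on EtherChannel members is release-dependent on the 3750 family, which is why the example puts the per-VLAN MAC limit on the single trunk only; verify on your release with `show port-security interface`, and check the rest with `show etherchannel summary`, `show spanning-tree inconsistentports` and `show ip dhcp snooping`.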




More information about the NANOG mailing list