This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.
CCIE #29033
This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies, but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers regarding the CCIE R&S track! Note: answers are in the comment field or within the "Read More" section.
You can also follow me on twitter @FE80CC1E
Here are several recommendations from Cisco when it comes to securing Layer 2:
- STP - Leverage Root Guard and BPDU Guard
- Shutdown unused ports
- Leverage DHCP snooping and DAI (Dynamic ARP Inspection)
- Disable unneeded services
- Use port security to restrict the number of MAC addresses that a port can learn
- Limit management access to a layer 2 switch
- Use SNMPv3
- Do not use the native VLAN to send user data. Create a native VLAN and do not add any ports to it.
This was not mentioned, but I would also add PVLANs (Private VLANs) and VACLs where appropriate.
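To put the list into practice, here is an added example (my own, not Cisco's code or part of the original post) that audits a constructed IOS running-config excerpt against several of the items above: DHCP snooping, DAI, BPDU Guard, SNMPv3, port security on access ports, shut-down unused ports, and a non-default native VLAN on trunks. The interface names, VLAN numbers and the SNMPv3 group name are assumed.

```python
import re
# Constructed "show running-config" excerpt (not from the original post);
# Gi1/0/3 deliberately lacks port security, the rest follows the list above.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip arp inspection vlan 10,20
spanning-tree portfast bpduguard default
snmp-server group NETOPS v3 priv
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
interface GigabitEthernet1/0/2
 shutdown
interface GigabitEthernet1/0/3
 switchport mode access
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 999
"""
# Global commands the checklist expects, as (regex, finding) pairs.
GLOBAL_CHECKS = [
    (r"^ip dhcp snooping$", "DHCP snooping is not enabled globally"),
    (r"^ip arp inspection vlan ", "Dynamic ARP Inspection is not enabled on any VLAN"),
    (r"^spanning-tree portfast bpduguard default$", "BPDU Guard is not enabled by default"),
    (r"^snmp-server group \S+ v3 ", "no SNMPv3 group is configured"),
]

def parse_interfaces(config):
    # Map each 'interface X' stanza to its indented sub-commands.
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any non-indented line ends the stanza
    return interfaces

def audit(config):
    # One finding per checklist item the config does not meet.
    findings = [msg for pat, msg in GLOBAL_CHECKS if not re.search(pat, config, re.M)]
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # unused port is shut down, as recommended
        if "switchport mode access" in cmds and "switchport port-security" not in cmds:
            findings.append(f"{name}: access port without port security")
        native = [c for c in cmds if c.startswith("switchport trunk native vlan ")]
        if "switchport mode trunk" in cmds and (not native or native[0].endswith(" 1")):
            findings.append(f"{name}: trunk still uses VLAN 1 as the native VLAN")
    return findings
```

Run `audit(open("running-config.txt").read())` against a saved `show running-config` to get the same list of findings for a real switch; Root Guard placement depends on topology, so it is left for a manual review.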