In this chapter, you have learned how to secure your switch infrastructure. Securing your switch infrastructure comprises the following key components:
The first step you should take is to secure management access to the switch. Because the switch has substantial control over the network and over how traffic is directed, you must ensure that this access is as secure as possible. Securing management access consists of the following:
Once you have secured your switch, you can place it on your network and implement security features for connecting devices. Port security and 802.1x allow the switch to control access to ports for hosts based upon parameters such as MAC address or a login name and password. The following methods are available for implementing port security:
Finally, Cisco Catalyst switches include traffic filtering features that allow you to filter traffic based upon Layer 2, 3, and 4 criteria. From a protocol perspective, you can specify that a port forwards only IP, IPX, or AppleTalk/DEC traffic, allowing you to eliminate unnecessary protocols where they are not required. For a more fine-grained approach, Catalyst 6000/6500 switches have a VLAN access control list (VACL) feature that filters IP, IPX, or Ethernet traffic at wire speed (requires PFC, PFC2, or PFC3) for an entire VLAN.
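The following configuration fragment is an added illustration of the three access-control features summarized above (port security, 802.1x, and a VACL) as they appear in Cisco IOS on a Catalyst switch; it is not taken from the chapter. Interface names, VLAN 10, the RADIUS server address (an RFC 5737 documentation address), and the shared-secret placeholder are assumptions.

```text
! --- Port security: one learned MAC per access port, violations logged ---
! (assumed interface and VLAN numbers)
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 spanning-tree portfast

! --- 802.1x: the port forwards only after the host authenticates ---
! (assumed RADIUS server address; replace <SHARED-SECRET> with your own key)
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 key <SHARED-SECRET>
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 dot1x port-control auto

! --- VACL (Catalyst 6500 with PFC): drop Telnet inside VLAN 10, forward the rest ---
ip access-list extended TELNET-IN-VLAN10
 permit tcp any any eq telnet
vlan access-map VACL-VLAN10 10
 match ip address TELNET-IN-VLAN10
 action drop
vlan access-map VACL-VLAN10 20
 action forward
vlan filter VACL-VLAN10 vlan-list 10
```

The VACL applies to all traffic bridged within VLAN 10, not only to traffic routed in or out of it, which is what distinguishes it from an interface ACL on the VLAN's Layer 3 interface.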