ACL for Cat2950 security

Discussion in 'Cisco' started by Vorta, Feb 10, 2005.

  1. Vorta

    Vorta Guest

    Hello:

    I'm going to put a Catalyst 2950-24 on, connecting to our provider via
    Ethernet. I already programmed an access-list for the vty interfaces,
    and an access-list for ip http access, I need it for Cisco Network
    Assistant program.

    Are there any other access-lists I need to protect the switch itself? I
    assigned an IP to it for monitoring purposes, I usually put these
    managed switches behind the firewall but this one is going to be
    in front of it.

    TIA,

    J.
     
    Vorta, Feb 10, 2005
    #1

  2. What I have done in the past in these situations is this:-

    Have a management vlan on the switch and have the ip for management on
    there. The side that faces the internet/untrusted area leave as an
    unmanaged vlan so no access can be got to it. It's also a good idea to put
    access-classes on the telnet lines, if you've not already.

    LH

    "Vorta" <> wrote in message
    news:...
    > Hello:
    >
    > I'm going to put a Catalyst 2950-24 on, connecting to our provider via
    > Ethernet. I already programmed an access-list for the vty interfaces,
    > and an access-list for ip http access, I need it for Cisco Network
    > Assistant program.
    >
    > Are there any other access-lists I need to protect the switch itself? I
    > assigned an IP to it for monitoring purposes, I usually put these
    > managed switches behind the firewall but this one is going to be
    > in front of it.
    >
    > TIA,
    >
    > J.
    >
     
    Leigh Harrison, Feb 10, 2005
    #2

  3. Vorta

    Vorta Guest

    Interesting. Pardon my ignorance, but how would I do what you
    proposed? Right now, everything is on "VLAN1" I think.

    TIA,

    John.
    Leigh Harrison wrote:
    > What I have done in the past in these situations is this:-
    >
    > Have a management vlan on the switch and have the ip for management on
    > there. The side that faces the internet/untrusted area leave as an
    > unmanaged vlan so no access can be got to it. It's also a good idea to put
    > access-classes on the telnet lines, if you've not already.
    >
    > LH
    >
    > "Vorta" <> wrote in message
    > news:...
    > > Hello:
    > >
    > > I'm going to put a Catalyst 2950-24 on, connecting to our provider via
    > > Ethernet. I already programmed an access-list for the vty interfaces,
    > > and an access-list for ip http access, I need it for Cisco Network
    > > Assistant program.
    > >
    > > Are there any other access-lists I need to protect the switch itself? I
    > > assigned an IP to it for monitoring purposes, I usually put these
    > > managed switches behind the firewall but this one is going to be
    > > in front of it.
    > >
    > > TIA,
    > >
    > > J.
    > >
     
    Vorta, Feb 10, 2005
    #3
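
One way to lay out the management-VLAN arrangement described in the second post, as an added example that is not part of the original thread. The VLAN IDs (100, 200), port numbers, ACL number and the 192.0.2.0/24 addresses are assumptions chosen for illustration.

```cisco
! Constructed example: VLAN IDs, ports and 192.0.2.0/24 addresses are assumptions.
! VLAN 200 = untrusted side (provider + firewall outside). No IP interface on it,
! so the switch itself cannot be reached from that side.
vlan 200
 name UNTRUSTED
! VLAN 100 = management, cabled only to the trusted side.
vlan 100
 name MGMT
!
! Provider uplink and firewall outside port: plain layer-2 access ports.
interface FastEthernet0/1
 description Provider uplink
 switchport mode access
 switchport access vlan 200
interface FastEthernet0/2
 description Firewall outside interface
 switchport mode access
 switchport access vlan 200
!
! Management port, connected to a trusted segment behind the firewall.
interface FastEthernet0/24
 description Management (trusted side)
 switchport mode access
 switchport access vlan 100
!
! Take the IP address off VLAN 1 and put it on the management VLAN.
interface Vlan1
 no ip address
 shutdown
interface Vlan100
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
! Only the management subnet may reach the HTTP server and the telnet lines.
access-list 10 permit 192.0.2.0 0.0.0.255
ip http access-class 10
line vty 0 15
 access-class 10 in
```

Apply this from the console port, since moving the IP address to another VLAN interface drops any telnet session to the old one.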
