[c-nsp] securely sending a trunk link
Will Hargrave
will at harg.net
Wed Sep 24 16:58:57 EDT 2008
A.L.M.Buxey at lboro.ac.uk wrote:
> just a qucik question to see if theres some simple
> option. For operational reasons we have to send
> a trunk link down to a customer location...in this case
> we are wary (as they may move..with the kit that was at
> the other end..and someone else will connect to the link
> and get themselves a nice trunk link with various
> VLANs etc. we will restrict the VLANs going to
> the switch (to their service VLAN and the switch management
> VLAN) but I was wondering if there was an alternative
> way of delivering their service VLAN (2950t series switch)
> or of securing the setup a bit more.... a basic
> MAC ACL for the management VLAN is a given.
You could put port security with action shutdown on the management vlan
(assuming it is native/untagged) - if someone plugs in something else
the port will be shut.
Or similarly, 802.1x, although i'm not sure if you can send multiple
vlans with that on 2950s.
More information about the cisco-nsp
mailing list