[c-nsp] what ip should be in switch?
Jay Hennigan
jay at west.net
Mon Feb 23 13:19:38 EST 2009
chloe K wrote:
> Hi all
>
> I would like to know what is best way to setup ip in switch
>
> If the switch ip is not in operation network eg: private ip, I can't see any operation ip in the port of the switch by sh arp. it is only showing all arp in management network
>
> If I use this ip as same as operation network, it increases this switch in risk
Put the switch management on a secure network, put your customer traffic
on a different VLAN or combination of VLANs depending on the complexity
of your network.

For a layer 2 switch, "sh arp" will only display MAC and IP addresses
associated with traffic to the switch, not through it.

You can use "sh mac-address-table" (on some versions the command is
"sh mac address-table") to identify layer 2 addresses associated with
traffic going through the switch.

In addition, access-class ACLs on the VTY lines (and snmp and http, if
you use them) are a good thing to limit management to trusted hosts.
--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
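
An added example, not part of the original post: a Python check that reads a saved IOS running-config and reports VTY lines, SNMP communities and an enabled HTTP server that have no ACL limiting them to trusted hosts, as the reply above recommends. The sample config, the community names and the function name `audit_mgmt_acls` are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
ip http server
snmp-server community EXAMPLE-A RO
snmp-server community EXAMPLE-B RO 10
access-list 10 permit 10.99.0.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input ssh
"""

def audit_mgmt_acls(config):
    """Return findings for management access not limited by an ACL."""
    findings = []
    vty = {}                      # 'line vty N M' -> inbound access-class seen?
    current = None                # vty section being read, if any
    http_on = http_acl = False
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):            # top-level command ends a section
            current = line if line.startswith("line vty") else None
            if current:
                vty[current] = False
        if current and re.match(r"access-class \S+ in\b", line):
            vty[current] = True
        elif re.match(r"ip http (secure-)?server$", line):
            http_on = True
        elif line.startswith("ip http access-class"):
            http_acl = True
        elif line.startswith("snmp-server community "):
            # Syntax: snmp-server community <string> [view <name>] [ro|rw] [acl]
            toks = line.split()[3:]
            if toks[:1] == ["view"]:
                toks = toks[2:]
            toks = [t for t in toks if t.lower() not in ("ro", "rw")]
            if not toks:           # report by line number, never echo the string
                findings.append(f"config line {num}: snmp community has no ACL")
    findings += [f"{name}: no inbound access-class" for name, ok in vty.items() if not ok]
    if http_on and not http_acl:
        findings.append("ip http server enabled without ip http access-class")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_mgmt_acls(SAMPLE_CONFIG)))
```

Only an inbound `access-class` counts for a VTY line, since an outbound one does not restrict who can reach the switch.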