[EMAIL PROTECTED] wrote:
just a qucik question to see if theres some simple
option. For operational reasons we have to send
a trunk link down to a customer location...in this case
we are wary (as they may move..with the kit that was at
the other end..and someone else will connect to the link
and get themselves a nice trunk link with various
VLANs etc. we will restrict the VLANs going to
the switch (to their service VLAN and the switch management
VLAN) but I was wondering if there was an alternative
way of delivering their service VLAN (2950t series switch)
or of securing the setup a bit more.... a basic
MAC ACL for the management VLAN is a given.
You could put port security with action shutdown on the management vlan
(assuming it is native/untagged) - if someone plugs in something else
the port will be shut.
Or similarly, 802.1x, although i'm not sure if you can send multiple
vlans with that on 2950s.
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
