At the very least, a separate VLAN. Not just for security, if the switch gets flooded or caught in a layer 2 loop, at least you stand a chance of managing it if SC0 is isolated.
Glenn -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hoskins Sent: Monday, January 14, 2002 3:04 PM To: [EMAIL PROTECTED] Subject: 'switch security' Ken Milder wrote: > Most switches support remote management features like web interfaces, > SNMP, telnet, etc. Paul Robertson wrote: > In-band management wasn't good for the phone system, and it's not good > for IP networks. Some people have dedicated management networks, making your definition of 'in-band' equivalent to 'out of band' for those folks. That said, I /know/ noone in charge of network security enables web interfaces, or allows SNMP/telnet to be accessed via a public network. Later, -Mike -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." --Benjamin Franklin _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
