chloe K wrote:
Hi all
I would like to know what is best way to setup ip in swtich
If the switch ip is not in operation network eg: private ip, I can't see any operation ip in the port of the switch by sh arp. it is only showing all arp in management network
If I use this ip as same as operation network, it increases this switch in risk
Put the switch management on a secure network, put your customer traffic
on a different VLAN or combination of VLANs depending on the complexity
of your network.
For a layer 2 switch, sh arp will only display MAC and IP addresses
associated with traffic to the switch, not through it.
You can use sh mac-address-table (on some some versions the command is
sh mac address-table) to identify layer 2 addresses associated with
traffic going through the switch.
In addition, access-class ACLs on the VTY lines (and snmp and http, if
you use them) are a good thing to limit management to trusted hosts.
--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
