2) Disable *and* change the port number on any HTTP interfaces that might exist.
3) Change the local admin password and SNMP strings on a regular basis. This is much easier if you've got some sort of automated tool like CiscoWorks.
4) If possible on your CatOS/IOS version, ditch telnet for SSH.
I managed a network of approx. 1300 total nodes: two 6509s, 9 55xx's, and approx. 150 2924XLs. We used Cisco Secure ACS for TACACS+ access, checking the NT domain for password confirmations, which of course gave us auditability on all changes. We changed SNMP community strings monthly and had one local admin ID/password with level 15 access that we changed every 3 months. We thought about and tested limiting access to the switches to be from a "management" VLAN, but it was a little ugly if you had to make a change in the field or troubleshoot.
[EMAIL PROTECTED] wrote:
Hello all,
Does anyone have any suggestions on how to make a secure configuration on a switch?
I am particularly interested in a secure implementation of a Catalyst 6500 but I don’t really have any more information on what the network will look like.
I know about enabling secret password, changing the default SNMP community strings, filtering connections to the switch itself, using ACLs on VLANs etc, but I would appreciate some more good ideas.
Thanks in advance
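The checks discussed in this thread (HTTP interface, telnet versus SSH on the vty lines, default SNMP community strings, enable secret), written as a small config audit. This is an added example, not part of the original messages; it assumes IOS-style syntax (CatOS `set` commands are not covered), and the sample config and finding names are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running config (not from the thread).
SAMPLE_CONFIG = """\
hostname lab-switch
enable password cisco123
ip http server
snmp-server community public RO
snmp-server community Xk9-monthly RW
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings


def audit_ios_config(text):
    """Return a sorted list of findings (hypothetical names) for a config."""
    findings = set()
    lines = text.splitlines()
    stripped = [line.strip() for line in lines]

    # "no ip http server" does not match, so a disabled interface is not flagged.
    if any(re.fullmatch(r"ip http server", line) for line in stripped):
        findings.add("http-interface-enabled")
    if any(line.startswith("enable password") for line in stripped):
        findings.add("enable-password-not-secret")
    for line in stripped:
        m = re.match(r"snmp-server community (\S+)", line)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.add("default-snmp-community:" + m.group(1))

    # Walk the "line vty" blocks and record each block's "transport input".
    current, transports = None, {}
    for raw in lines:
        if raw.startswith("line "):
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                transports.setdefault(current, None)
        elif current and raw.strip().startswith("transport input"):
            transports[current] = raw.split()[2:]
        elif raw and not raw.startswith(" "):
            current = None  # left the vty block
    for block, protos in transports.items():
        if protos is None:
            findings.add("vty-transport-unset:" + block)  # defaults vary by release
        elif "telnet" in protos or "all" in protos:
            findings.add("telnet-allowed:" + block)
    return sorted(findings)
```

Running `audit_ios_config` over saved configs after each change makes a reverted setting visible between password and community-string rotations.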
