If your switch is behind your router (I'm assuming Cisco here) so your layout is kind of like:

Internet --> Router --> Switch --> Firewalls --> Etc

Why don't you apply an ACL on the external interface to block SNMP traffic? Assuming your router is hardened already, it shouldn't take much to add 1 line to your existing ACL. If your router isn't hardened, you might want to look into that ASAFP. One of my favorite books:
http://www.amazon.com/exec/obidos/tg/detail/-/0596001665/qid=1057849468/sr=8-1/ref=sr_8_1/103-8144069-4704612?v=glance&s=books&n=507846

David Jones
Principal Financial Group
I/S Information Security
711 High Street
Des Moines, IA 50392-0257
Email: [EMAIL PROTECTED]
Phone: 515.362.2224

"Any opinions expressed in this message are not necessarily those of the Principal Financial Group."

-----Original Message-----
From: Jeff Cook [mailto:[EMAIL PROTECTED]
Sent: Monday, July 07, 2003 4:37 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [WhatsUp Forum] Monitor Cisco Switch via Serial Cable

I have a router for our T1 line and 3 firewalls that connect to it. A hub or switch are the only ways to connect them together. I could have gone with a small little unmanaged hub, but I wanted something solid and stable. Also the management features are very nice.

Jeff Cook
Network Administrator
Whatcom Educational Credit Union

-----Original Message-----
From: Luz Berger [mailto:[EMAIL PROTECTED]
Sent: Monday, July 07, 2003 2:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [WhatsUp Forum] Monitor Cisco Switch via Serial Cable

Hi Jeff,

Why don't you configure a loopback interface which can only be accessed from inside? That way you can use SNMP and still have a safe internet connection. Just out of interest, what are you doing with a switch on the internet?

Thanks
Luz Berger
Berger Network Consult

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Cook
Sent: Monday, July 07, 2003 11:05 PM
To: '[EMAIL PROTECTED]'
Subject: [WhatsUp Forum] Monitor Cisco Switch via Serial Cable

Has anyone used a serial connection to monitor a Cisco switch? I have a switch that I want to monitor but it is on the Internet and I don't want to enable SNMP on the net. It is close to my WUG box and I would like to monitor the status of the ports and bandwidth used (MRTG?). Any help would be great.

Thank You
Jeff Cook
Network Administrator
Whatcom Educational Credit Union

Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
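
The "add 1 line to your existing ACL" suggestion in the first reply depends on where that line lands, because IOS evaluates an ACL top-down and stops at the first match, so a deny entered after a broader permit is never reached. The following is an added example, not part of the original thread: a small first-match evaluator run over constructed ACLs. ACL number 101 and all addresses are assumptions, and the parser handles only `any`/`host` operands and `eq` ports.

```python
# Added example: first-match evaluation of IOS-style extended ACL entries.
# ACL number 101 and all addresses are constructed (documentation ranges).
PORT_NAMES = {"snmp": 161, "snmptrap": 162}

def parse_entry(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'.
    SRC/DST may only be 'any' or 'host A.B.C.D' in this sketch."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    action, proto, rest = tok[2], tok[3], tok[4:]
    addrs = []
    for _ in range(2):                      # source first, then destination
        if rest[:1] == ["any"]:
            addrs.append(None)
            rest = rest[1:]
        elif rest[:1] == ["host"] and len(rest) >= 2:
            addrs.append(rest[1])
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported address in: {line!r}")
    port = None
    if rest[:1] == ["eq"] and len(rest) >= 2:
        port = PORT_NAMES.get(rest[1]) or int(rest[1])
    return action, proto, addrs[0], addrs[1], port

def verdict(acl, proto, src, dst, dport):
    """Return (action, matching line); the first matching entry wins."""
    for line in acl:
        action, p, s, d, port = parse_entry(line)
        if p in ("ip", proto) and s in (None, src) and d in (None, dst) \
                and port in (None, dport):
            return action, line
    return "deny", "implicit deny at end of ACL"

def snmp_exposed(acl, src, dst):
    """UDP ports 161/162 that the ACL still permits from src to dst."""
    return [p for p in (161, 162) if verdict(acl, "udp", src, dst, p)[0] == "permit"]

EXISTING = ["access-list 101 permit tcp any host 192.0.2.20 eq 25",
            "access-list 101 permit udp any any"]
SNMP_DENY = ["access-list 101 deny udp any any eq snmp",
             "access-list 101 deny udp any any eq snmptrap"]
APPENDED = EXISTING + SNMP_DENY     # new lines after the broad permit: never reached
REORDERED = SNMP_DENY + EXISTING    # new lines first: SNMP dropped, the rest unchanged

if __name__ == "__main__":
    for name, acl in (("appended", APPENDED), ("reordered", REORDERED)):
        print(name, "permits SNMP ports:", snmp_exposed(acl, "203.0.113.5", "192.0.2.2"))
```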
