Securing Internet Edge Switch

I am fairly familiar with hardening of Cisco routers acting as an internet gateway, like enabling SSH and blocking inbound access to private range IP addressing via ACLs, disabling , but what about switches?   Is there a best practice on configuring a switch that is being used as a L3 device for internet access?
Thanks...
Andy

Hi,
For L3 switch @ internet edge, you can use the similar security restrictions (ACLs, disabling services that is not needed etc) and inaddition 'admin down' the ports that are not being used. In addition to that if the switch IP not required to advertise to interenet, do not add the default route (you may need this incase of L3 behaviour, but you can judge better).
hth
MS

Similar Messages

  • ASA for internet edge and internal zones

    Hi,
    Has anyone used a pair of ASA 5520s in HA to firewall the internet edge and to firewall traffic between internal security zones such as web and application layers? If so, is this best done using different security levels or contexts?
    I'm thinking of using a routed context for securing the internet edge and then using seperate contexts for the web and application networks. Conexts will route via a L3 switch.
    Thanks,

    Thanks Varun
    I will probably configure the ASA in routed single mode and use security levels between the different zones. There is only 1 ISP in this enviroment and I also need to support VPN termination on the internet edge.
    In terms of sizing, the internet connection will be 300Mbps and the firewall throughput between zones needs to be above 500Mbps. I'm just thinking that the 5520 in active/standby will handle the internet bandwidth requirements but not the inter-zone requirements. Which model of ASA will be a good fit here?
    Thank you.

  • ACL's on the Internet Edge Routers

    I have one query on ACL's on the internet edge routers. If we configure the ACL's as per the below weblink on the edge routers, we may not get all the logs on the firewall as the traffic is filtered at the router level and we donot enable logging on the router.
    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
    Unless we enable IDS on this segment there is no way of knowing any attacks towards the firewall or the router itself. I need some comments from security experts on this kind of implementation.
    Thank You very much,

    Hello Avil,
    You need to necessarily need to have an IPS on your segment to know all the attacks hitting your network !!!!! with the anti-spoof ACL applied, as given above, you are only blocking standard protocols or ports coming inside your network.. there can still be attacks on known ports that you are allowing.. if i had to capture that, i would either put an IPS on my network (or SSM card with ASA) or enable logging on devices and put a CS-MARS on my network.. MARS is an extremely useful device, focussed on increasing LAN security with real-time maps on attacks and it also will say how to stop the attack !!!! so, i guess only a couple of options here for you.... not sure if anyone else have any other options...
    Hope this helps.. all the best..
    Raj

  • I cannot connect to the internet after switching providers.  I've changed the email address associated with the new account but am sure there is something else I need to change.  Can anyone help me?

    I cannot connect to the internet after switching providers.  I've changed the email address associated with the new account but am sure there is something else I need to change.   I have also changed the apple information as well including user name and password.  Can anyone help me?  (This is an ipad question).

    Apple ID: Changing your Apple ID
    http://support.apple.com/kb/ht5621
    Using your Apple ID for Apple services
    http://support.apple.com/kb/HT4895
    Apple ID: What to do after you change your Apple ID
    http://support.apple.com/kb/HT5796?viewlocale=en_US&locale=en_US
    iTunes Store: Associating a device or computer to your Apple ID
    http://support.apple.com/kb/ht4627
    iOS: Changing the signed-in iTunes Store Apple ID Account
    http://support.apple.com/kb/ht1311
    Some things to try first:
    1. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
    2. Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and chose a Network.
    3. Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at
    http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-netw ork.html
    4. Go into your router security settings and change from WEP to WPA with AES.
    5.  Renew IP Address: (especially if you are drooping internet connection)
        •    Launch Settings app
        •    Tap on Wi-Fi
        •    Tap on the blue arrow of the Wi-Fi network that you connect to from the list
        •    In the window that opens, tap on the Renew Lease button
    6. Potential Quick Fixes When Your iPad Won’t Connect to Your Wifi Network
    http://ipadinsight.com/ipad-tips-tricks/potential-quick-fixes-when-your-ipad-won t-connect-to-your-wifi-network/
    ~~~~~~~~~~~~~~~~~~~~~~~~~
    Fix WiFi Issue for iOS 7
    http://ipadnerds.com/fix-wifi-issue-ios-7/
    iOS 6 Wifi Problems/Fixes
    Wi-Fi Fix for iOS 6
    https://discussions.apple.com/thread/4823738?tstart=240
    How To: Workaround iPad Wi-Fi Issues
    http://www.theipadfan.com/workaround-ipad-wifi-issues/
    Another Fix For iOS 6 WiFi Problems
    http://tabletcrunch.com/2012/10/27/fix-ios-6-wifi-problems-ssid/
    Wifi Doesn't Connect After Waking From Sleep - Sometimes increasing screen brightness prevents the failure to reconnect after waking from sleep. According to Apple, “If brightness is at lowest level, increase it by moving the slider to the right and set auto brightness to off.”
    Fix For iOS 6 WiFi Problems?
    http://tabletcrunch.com/2012/09/27/fix-ios-6-wifi-problems/
    Did iOS 6 Screw Your Wi-Fi? Here’s How to Fix It
    http://gizmodo.com/5944761/does-ios-6-have-a-wi+fi-bug
    How To Fix Wi-Fi Connectivity Issue After Upgrading To iOS 6
    http://www.iphonehacks.com/2012/09/fix-wi-fi-connectivity-issue-after-upgrading- to-ios-6.html
    iOS 6 iPad 3 wi-fi "connection fix" for netgear router
    http://www.youtube.com/watch?v=XsWS4ha-dn0
    Apple's iOS 6 Wi-Fi problems
    http://www.zdnet.com/apples-ios-6-wi-fi-problems-linger-on-7000004799/
    ~~~~~~~~~~~~~~~~~~~~~~~
    iPad: Issues connecting to Wi-Fi networks
    http://support.apple.com/kb/ts3304
    How to Boost Your Wi-Fi Signal
    http://ipad.about.com/od/iPad_Troubleshooting/a/How-To-Boost-Your-Wi-Fi-Signal.hmL
    Troubleshooting a Weak Wi-Fi Signal
    http://ipad.about.com/od/iPad_Troubleshooting/a/Troubleshooting-A-Weak-Wi-Fi-Signal.htm
    How to Fix a Poor Wi-Fi Signal on Your iPad
    http://ipad.about.com/od/iPad_Troubleshooting/a/How-To-Fix-A-Poor-Wi-Fi-Signal-O n-Your-iPad.htm
    iOS Troubleshooting Wi-Fi networks and connections  http://support.apple.com/kb/TS1398
    iPad: Issues connecting to Wi-Fi networks  http://support.apple.com/kb/ts3304
    WiFi Connecting/Troubleshooting http://www.apple.com/support/ipad/wifi/
    How to Fix: My iPad Won't Connect to WiFi
    http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect -To-Wi-Fi.htm
    iOS: Connecting to the Internet http://support.apple.com/kb/HT1695
    iOS: Recommended settings for Wi-Fi routers and access points  http://support.apple.com/kb/HT4199
    How to Quickly Fix iPad 3 Wi-Fi Reception Problems
    http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
    iPad Wi-Fi Problems: Comprehensive List of Fixes
    http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
    Connect iPad to Wi-Fi (with troubleshooting info)
    http://thehowto.wikidot.com/wifi-connect-ipad
    10 Ways to Boost Your Wireless Signal
    http://www.pcmag.com/article2/0,2817,2372811,00.asp
    Fix iPad Wifi Connection and Signal Issues  http://www.youtube.com/watch?v=uwWtIG5jUxE
    Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
    How To Fix iPhone, iPad, iPod Touch Wi-Fi Connectivity Issue http://tinyurl.com/7nvxbmz
    Unable to Connect After iOS Update - saw this solution on another post.
    https://discussions.apple.com/thread/4010130
    Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
    Some Wi-Fi losses may stem from a problematic interaction between Wi-Fi and cellular data connections. Numerous users have found that turning off Cellular Data in Settings gets their Wi-Fi working again.
    You may have many apps open which can possibly cause the slowdown and possibly the loss of wifi. In iOS 4-6 double tap your Home button & at the bottom of the screen you will see the icons of all open apps. Close those you are not using by pressing on an icon until all icons wiggle - then tap the minus sign. For iOS 7 users, there’s an easy way to see which apps are open in order to close them. By double-tapping the home button on your iPhone or iPad, the new multitasking feature in iOS 7 shows full page previews of all your open apps. Simply scroll horizontally to see all your apps, and close the apps with a simple flick towards the top of the screen.
    Wi-Fi or Bluetooth settings grayed out or dim
    http://support.apple.com/kb/TS1559
    ~~~~~~~~~~~~~~~
    If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
     Cheers, Tom

  • Internet Edge Router and the Firewall

    What is the best way to monitor an Internet Edge router from the Internal network behind the Firewall?
    We want to pull more information from the edge router like netflow.  We can use SNMPv3 and ACLs to keep the router secure.
    But I am looking for the best config to keep both the router and firewall as secure as possible while still allowing us to monitor performance and faults.
    I am running an ASA and a 2821.

    I'd start with locking down the router configuration if you haven't already. Cisco Configuration Professional (free) offers a nice GUI for analyzing and delivering all the necessary commands to secure the router.
    Getting Netflow from your router doesn't add much more than getting it from your ASA.
    If you're querying through the firewall to the routers using SNMPv3 (and have deleted the v1/v2 communities) that's one good step. The only other thing I might suggest is sending syslogs to your management system from the router. To do that you'll need to add an access-list and probably a NAT entry to your firewall to allow the incoming syslog traffic.
    Most important beyond all the technology is to make sure that your people follow a process to regularly analyze and act upon the information being reported and gathered. Without that all the rest isn't worth the time it take to implement it.

  • IPS 4270 placement @ Internet Edge

    Given that I have same topology as shown in Internet Edge Cisco IPS Design Best Practices  and basically inserting 4270 Appliance into an INLINE mode.
    Core and Distribution Switch  = Layer-3 routed links
    Distribution Switch and ASA = Layer-2 access port
    I'm wondering how IPS sensors be configured? I think I understand belows method but since my Core/Distrib is a layer-3 links, not sure which method gonna work since most require two vlans ...
    1. Interface Pairing
    2. VLAN Pairing
    3. VLAN Group
    Anyone has same experience?
    Thanks in advance ...
    Gerard

    I have a 4270-20 positioned at the edge of my network.  It sits between the outside of the firewall and our Internet router.  The only problem with this model is that it makes tracking down threats very difficult, as the only thing you will ever see are the NAT'd public IPs for all your traffic.
    To get around this limitation, we created an addition interface in promiscuous mode and we SPAN the traffic on the link between our core switch and the internal interface of our firewall to it.  This gives us complete outside protection and inside visibility.  This is still not an ideal setup and we are in the process of re-architechting our internal traffic so that we can run two in-line pairs on the IPS.  One internal, and one external.
    The best way to go, is having the IPS in the firewall itself, but throughput on firewalls is often a concern, and unfortunately for Cisco, quite a limitation.

  • How to identify that a host is connected to which particular edge switch

    Hello Guys
    Can anybody explain how to identify that a host is connected to which particular edge switch and port in a Cisco SAN Fabric ??

    Hi,
    Hopefully you know the host PWWN. 
    If the edge switch is not in NPV mode, get the FCID from the output of "show fcns database"
    The answer may also be as simple as finding this entry in the "show fcns database detail".
    If not, once you have the fcid, the first byte of the fcid is the switch domain ID. With the combination of "show fcdomain domain-list vsan xx" "show fcs ie" you should be able to determine what you need.
    If the edge switch is in NPV and registers as a NPV device ( Cisco switches do ), then the FCID will be assigned by the core switch upstream of that edge switch.   You can see this from a "show flogi database".  Find the PWWN here.  There will likely be multiple entries for the port where the host is connected.  Once you find the port where the NPV switch is attached.  The first flogi entry on that port will be the switch WWN.  Get the FCID for the switch and then find the entry for this FCID in the "show fcns database detail", this will give you the switch information.
    Best regards,
    Jim

  • Problem: DVD player crashed in Mavericks 10.9. Solution: Download free player VLC from internet and switch preferences to that player. No more problems. God Bless.

    Problem: DVD player crashed in Mavericks 10.9. Solution: Download free player VLC from internet and switch preferences to that player. No more problems. God Bless.

        Safari > Preferences > Extensions
        Turn those off and relaunch Safari to test.
         Start up in Safe Mode.
         http://support.apple.com/kb/PH14204?viewlocale=en_US
         Repair Disk.
         http://support.apple.com/kb/PH5836
         Reset SMC.     http://support.apple.com/kb/HT3964
         Choose the method for:
         "Resetting SMC on portables with a battery you should not remove on your own".

  • Question I am getting this error and see no place to change scripting?JavaScript is disabled in your browser. Please activate JavaScript from Tools Internet Options Security Internet Custom Level Scripting Active Scripting Enabled.

    JavaScript is disabled in your browser. Please activate JavaScript from Tools>Internet Options>Security>Internet>Custom Level>Scripting>Active Scripting>Enabled.
    These are the instructions for internet explorer but i can't see anything in firebox.

    In my Firefox 5.0 I see check-box for enabling/disabling JavaScript in the "Content" tab.
    Is it checked in your Firefox and JavaScript still not working?

  • Please Help - Secure Internet Programming

    On Sun's home page at http://java.sun.com they have an article
    on "Secure Internet Programming with JavaTM 2, Standard Edition (J2SETM) 1.4" so I tried it out but I got "cannot resolve symbol" compiler
    error when I tried to compile HttpsServer.java - so what do I change
    to get it to compile?
    Here's the actual error message:
    HttpsServer.java:32: cannot resolve symbol
    symbol : class ServerSocketFactory
    location: class HttpsServer
    ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
    ^
    1 error
    I'm using JDK1.4.1 but I can't believe that is the problem. Here is the
    soucre code from the article:
    import java.io.*;
    import java.net.*;
    import javax.net.ssl.*;
    import java.security.*;
    import java.util.StringTokenizer;
    * This class implements a multithreaded simple HTTP
    * server that supports the GET request method.
    * It listens on port 44, waits client requests, and
    * serves documents.
    public class HttpsServer
    String keystore = "serverkeys";
    char keystorepass[] = "hellothere".toCharArray();
    char keypassword[] = "hiagain".toCharArray();
    //The port number which the server will be listening on
    //*public static final int HTTP_PORT = 8080;
    public static final int HTTPS_PORT = 443;
    public ServerSocket getServer() throws Exception
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(keystore), keystorepass);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, keypassword);
    SSLContext sslcontext = SSLContext.getInstance("SSLv3");
    sslcontext.init(kmf.getKeyManagers(), null, null);
    ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
    SSLServerSocket serversocket = (SSLServerSocket)ssf.createServerSocket(HTTPS_PORT);
    //*return new ServerSocket(HTTP_PORT);
    return serversocket;
    //multi-threading -- create a new connection for each request
    public void run()
    ServerSocket listen;
    try
    listen = getServer();
    while(true)
    Socket client = listen.accept();
    ProcessConnection cc = new ProcessConnection(client);
    catch(Exception e)
    System.out.println("Exception: "+e.getMessage());
    //main program
    public static void main(String argv[]) throws Exception
    HttpsServer httpserver = new HttpsServer();
    httpserver.run();
    class ProcessConnection extends Thread
    Socket client;
    BufferedReader is;
    DataOutputStream os;
    public ProcessConnection(Socket s)
    //constructor
    client = s;
    try
    is = new BufferedReader(new InputStreamReader(client.getInputStream()));
    os = new DataOutputStream(client.getOutputStream());
    catch(IOException e)
    System.out.println("Exception: "+e.getMessage());
    this.start(); //Thread starts here...this start() will call run()
    public void run()
    try
    //get a request and parse it.
    String request = is.readLine();
    System.out.println("Request: "+request);
    StringTokenizer st = new StringTokenizer(request);
    if((st.countTokens() >= 2) &&
    st.nextToken().equals("GET"))
    if((request = st.nextToken()).startsWith("/"))
    request = request.substring(1);
    if(request.equals(""))
    request = request + "index.html";
    File f = new File(request);
    shipDocument(os, f);
    else
    os.writeBytes("400 Bad Request");
    client.close();
    catch(Exception e)
    System.out.println("Exception: " + e.getMessage());
    * Read the requested file and ships it
    * to the browser if found.
    public static void shipDocument(DataOutputStream out, File f) throws Exception
    try
    DataInputStream in = new
    DataInputStream(new FileInputStream(f));
    int len =(int) f.length();
    byte[] buf = new byte[len];
    in.readFully(buf);
    in.close();
    out.writeBytes("HTTP/1.0 200 OK\r\n");
    out.writeBytes("Content-Length: " + f.length() +"\r\n");
    out.writeBytes("Content-Type: text/html\r\n\r\n");
    out.write(buf);
    out.flush();
    catch(Exception e)
    out.writeBytes("<html><head><title>error</title></head><body>\r\n\r\n");
    out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
    out.writeBytes("Content-Type: text/html\r\n\r\n");
    out.writeBytes("</body></html>");
    out.flush();
    finally
    out.close();

    No problem, glad to help.
    Sun, like anyone else, doesn't always catch typos and copy/paste errors. Hopefully next time something like this happens, you'll be able to understand the information that's available to you in the error message, and look in the documentation for help. That's the bigger lesson here.
    Steve

  • Please Help - Secure Internet

    On Sun's home page at http://java.sun.com they have an article
    on "Secure Internet Programming with JavaTM 2, Standard Edition (J2SETM) 1.4" so I tried it out but I got "cannot resolve symbol" compiler
    error when I tried to compile HttpsServer.java - so what do I change
    to get it to compile?
    Here's the actual error message:
    HttpsServer.java:32: cannot resolve symbol
    symbol : class ServerSocketFactory
    location: class HttpsServer
    ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
    ^
    1 error
    I'm using JDK1.4.1 but I can't believe that is the problem. Here is the
    soucre code from the article:
    import java.io.*;
    import java.net.*;
    import javax.net.ssl.*;
    import java.security.*;
    import java.util.StringTokenizer;
    * This class implements a multithreaded simple HTTP
    * server that supports the GET request method.
    * It listens on port 44, waits client requests, and
    * serves documents.
    public class HttpsServer
         String keystore = "serverkeys";
         char keystorepass[] = "hellothere".toCharArray();
         char keypassword[] = "hiagain".toCharArray();
         //The port number which the server will be listening on
         //*public static final int HTTP_PORT = 8080;
         public static final int HTTPS_PORT = 443;
         public ServerSocket getServer() throws Exception
              KeyStore ks = KeyStore.getInstance("JKS");
              ks.load(new FileInputStream(keystore), keystorepass);
              KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
              kmf.init(ks, keypassword);
              SSLContext sslcontext = SSLContext.getInstance("SSLv3");
              sslcontext.init(kmf.getKeyManagers(), null, null);
              ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
              SSLServerSocket serversocket = (SSLServerSocket)ssf.createServerSocket(HTTPS_PORT);
              //*return new ServerSocket(HTTP_PORT);
              return serversocket;
         //multi-threading -- create a new connection for each request
         public void run()
              ServerSocket listen;
              try
                   listen = getServer();
                   while(true)
                        Socket client = listen.accept();
                        ProcessConnection cc = new ProcessConnection(client);
              catch(Exception e)
                   System.out.println("Exception: "+e.getMessage());
         //main program
         public static void main(String argv[]) throws Exception
              HttpsServer httpserver = new HttpsServer();
              httpserver.run();
    class ProcessConnection extends Thread
         Socket client;
         BufferedReader is;
         DataOutputStream os;
         public ProcessConnection(Socket s)
              //constructor
              client = s;
              try
                   is = new BufferedReader(new InputStreamReader(client.getInputStream()));
                   os = new DataOutputStream(client.getOutputStream());
              catch(IOException e)
                   System.out.println("Exception: "+e.getMessage());
              this.start();                                                                            //Thread starts here...this start()     will call run()
         public void run()
              try
                   //get a request and parse it.
                   String request = is.readLine();
                   System.out.println("Request: "+request);
                   StringTokenizer st = new StringTokenizer(request);
                   if((st.countTokens() >= 2) &&
                   st.nextToken().equals("GET"))
                        if((request = st.nextToken()).startsWith("/"))
                             request = request.substring(1);
                        if(request.equals(""))
                             request = request + "index.html";
                        File f = new File(request);
                        shipDocument(os, f);
                   else
                        os.writeBytes("400 Bad Request");
                   client.close();
              catch(Exception e)
                   System.out.println("Exception: " + e.getMessage());
         * Read the requested file and ships it
         * to the browser if found.
         public static void shipDocument(DataOutputStream out, File f) throws Exception
              try
                   DataInputStream in = new
                   DataInputStream(new FileInputStream(f));
                   int len =(int) f.length();
                   byte[] buf = new byte[len];
                   in.readFully(buf);
                   in.close();
                   out.writeBytes("HTTP/1.0 200 OK\r\n");
                   out.writeBytes("Content-Length: " + f.length() +"\r\n");
                   out.writeBytes("Content-Type: text/html\r\n\r\n");
                   out.write(buf);
                   out.flush();
              catch(Exception e)
                   out.writeBytes("<html><head><title>error</title></head><body>\r\n\r\n");
                   out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
                   out.writeBytes("Content-Type: text/html\r\n\r\n");
                   out.writeBytes("</body></html>");
                   out.flush();
              finally
                   out.close();
    sou

    borntwice80, many thanks for your response - good idea
    but it turns out that all I needed was the following statement:
    import javax.net.*;                                                       
    ...and that fixed the problem
    ...Actually, it was mutmansky in the java programming forum
    that found it.

  • Help me to choose Right Core switches and Edge switches as per my Spec

    Dear All
    Please help me to choose Core and Edge switches and all required hard ware and software. 
    the spec details as per below 
    Core Switches
    1. High performance, highly scalable core switch to provide multi-10GE connectivity to various segments in the network.
    2. Switch should have redundant switch fabric and routing engines or management / supervisor modules
    3.should have separate control and forwarding planes
    4.Each switch should have redundant power supplies in N+N or N+1 fashion
    5. Must allow for two spare slots once services, management, processing modules and line cards populated
    6. Easy to manage firmware- i.e. single code type enterprise/service provider) or train, and robust operating system
    7. Supports for the VRRP, NSR, GRES, BFD, STP, MSTP, RSTP, VSTP, LACP redundancy protocols
    8. Hot plugging and removal 
    9. The switch should have native switching architecture with up to sufficient performance such that the loss of one switching fabric should not lead to degraded performance
    10. Switch should support switching at least 400Mpps
    11. Switch should be able to support 40 10Gig line rate ports in a fully redundant configuration 
    12. Chassis that can scale to 700 Gbps
    13. The proposed Backbone switch should support, but not be limited to the following Layer 3 features:
    Static ip routing
    Routing information protocol (RIP) and RIP2
    Open shortest path first (OSPF)
    IGMP v1, v2 and v3
    IGMP Snooping 
    IP multicast routing protocol 
    14. The switch should support the following features at a minimum:
    Spanning Tree 802.1D, 802.1S, 802.1W
    GVRP
    802.1x single and multi-supplicant: VLAN and ACL assignment
    Dynamic ARP Inspection (DAI), DHCP snooping, IP Source gurard
    LLDP, LLDP-MED
    802.3X, 802.3ad
    Redundant Trunk Group (RTG)
    IGMP snooping 
    Unicast static, OSPF v1/v2, RIP v1/v2
    Multicast IGMPv1/v2, PIM
    Graceful Route Engine Switchover 

    I have gone through your document and I am surprised to see MORE information in the document than what you've posted.  I am so mildly suspicious about the authenticity of the document and spreadsheet you've attached.  
    So far, based on this document, the client wants a chassis that can support up to 700 Gbps backplane.  The only candidate, other than a full-blown Nexus solution, is the 6807-X.  
    Next, the document also states dual supervisor card with two spare slots.  Good luck trying to get that much empty space on a 6807-X.  This means 6509E.  You can't use a 6513E because of line-card-to-slot limitation.  
    If you look under the heading "Edge Switching", the first sentence already makes references to 6800ia switch.
    There's also a reference stating that the product should have a 100 Gbps backplane.  You can take the 6509E chassis out of the equation.  
    So you see, I am suspicious about the authenticity of the document.  I agree with mali's and devil's recommendation that if you are serious, you would be engaging Cisco SE/AM in your region.  There are only three reasons, that I can think of, why you've posted this here.  One of them is the intended purpose of this document (and the audience).

  • How to telnet to Edge Switch

    Dear Experts,
    I'm going to try configure on how to telnet to Edge switch but still no result. My Network topology is below:
    - 1 Core Switch 3560
    - 3 Edge Switch 2960
    I'm configured 4 VLAN:
    + Vlan 19: 10.19.10.0/24
    + Vlan 20: 10.20.10.0/24
    + Vlan 21: 10.21.10.0/24
    + Vlan 22: 10.22.10.0/24
    On each Vlan, I was assigned Vlan interface IP. 
    I'm using VTP mode (Server and client) to trunking VLAN and Core SW is standing a VTP Server. I can telnet to Core SW using VLAN Interface IP. 
    The question is how can I configure to telnet to Edge SW? 
    Has somebody help me on this?
    Thanks in advance!
    JH

    Hi,
    From looking at your topology, the configuration should work. You should be able to telnet into the edge switches from anywhere in the network using the ip addresses of the vlan interfaces on each switch.
    What exactly is the issue you're experiencing?
    Are you able to ping the switch ip addresses?
    Looking forward to hearing from you

  • How to telnet to an edge switch?

    We have a 6506 which have dot1q trunk links to 2950 edge switches....
    my problem is that i need to be able to remotely access these 2950 switches using telnet.
    Is it just a case of assigning each switch an ip address to vlan1 and also assigning an ip address to vlan1 on the 6506?
    any help would be great
    Cheers

    Jonathan
    I think you have pretty well described what you need to do. You assign an IP address to each 2950 for management purposes (all management addresses in the same subnet). By default that address is associated with VLAN 1. You also need to configure VLAN 1 on the 6506 with an IP address in the subnet that you are using on the 2950s. That way the 6506 can get to all the 2950s. You also need to provide appropriate routing so that devices in other parts of the network have routes to the subnet and the 6506 has routes to the other subnets in the network. You should then be able to telnet to any of the switches.
    HTH
    Rick

  • WebHelp leaves secure internet connection

    When clicking "Help" from the application, you are prompted
    with "You are
    about to leave a secure internet connection. Do you which to
    continue?" That
    is normal.
    However, if you select "No", a web page still pops up, with
    the help
    information displayed and a blank web page behind it.
    Does anyone know how to fix this?

    J.Bost -
    In the web application that calls the Webhelp, what is the
    language/syntax used? Do you see this behavior if you call a simple
    html page?

Maybe you are looking for

  • How do I restore my iPhoto library from a number of different back-ups (different dates) in Time Machine?

    I recently upgraded my internal hard drive to a 1TB. Prior to this, I had been backing up to an external hard drive using Time Machine and then deleting the older photos to make room for the newer ones. Now that I have a large internal hard drive, I

  • Send Mail with Multiple Attachment

    How to send mail with multiple attachment. The documents are in a table column BLOB. Read and attach in to mail directly. We don’t want save the documents into hard disk and attach to mail. Please Help If you have java procedure or Pl/Sql Procedure.

  • Mac Mavericks has messed up my CS4

    Since downloading Mavericks, Photoshop CS4 is not working correctly. Specifically, I have lost my Tools bar and many of my most useful Tools, including the main cursor. Anyone know how to fix this? Thanks.

  • How do I send my display to a projector via HDMI?

    I am new to Mac. I recently purchased a projector and I want to use my Macbook Air to display presentations via my projector. With PC, I think I used  "F8". How do I on Mac? Please help...

  • Trying to add workforceID to eDirectory Collector

    I'm trying to add WorkforceID to the eDirectory collector. I have Eclipse installed and working with the Senitnel SDK plug-in. I have the edirectory collector imported and have been looking through the various files to get some sort of understanding.