Switches on Network Borders

Hi There,
Can somebody advise how secure is it to place a L2 switch on my network perimeter? I heard that it is easy to flood a switch that's exposed to the internet but I'm not sure how accurate is this sentence because I'm aware that switches are not stateful devices so what concerns should I worry about when exposing my switch to the internet?
Thanks!
Haitham

In many cases you can't avoid putting a layer 2 switch on the perimeter. You have your ethernet handoff from the provider and quite often you have other interfaces in this "dirty" network, such as VPN concentrators, IPS/IDS devices, etc. I am not quite sure how you can use VLANs since you typically have a public IP range that's all in the same subnet. I would recommend not putting an IP address on the switch and shutting down the management interface (vlan 1). In addition you can turn off unnecessary services like CDP, STP and SNMP in order to minimize your exposure. In terms of flooding your network your router (assuming you don't have a switched ethernet service) would most likely take the hit before your layer 2 switch would.
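
The checklist in the reply above (no IP address on the switch, VLAN 1 management interface shut down, CDP, STP and SNMP off), as an added example that is not part of the original thread: a Python audit of an IOS-style running-config against those five items. Both configs are constructed samples, the function and key names are hypothetical, and the keywords matched (`no cdp run`, `snmp-server`, `no spanning-tree vlan`) assume Cisco IOS syntax, which the thread does not specify.

```python
import re

# Constructed sample: perimeter switch that still has a management IP and SNMP.
SAMPLE_CONFIG = """\
hostname edge-sw1
!
no cdp run
spanning-tree mode pvst
!
interface GigabitEthernet0/1
 description ISP handoff
 switchport mode access
!
interface Vlan1
 ip address 203.0.113.10 255.255.255.248
 no shutdown
!
snmp-server community public RO
end
"""

# Constructed sample: the same switch after applying the reply's checklist.
HARDENED_CONFIG = """\
hostname edge-sw1
!
no cdp run
no spanning-tree vlan 1-4094
!
interface GigabitEthernet0/1
 description ISP handoff
 switchport mode access
!
interface Vlan1
 no ip address
 shutdown
end
"""


def split_config(text):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if line[0].isspace():            # indented: belongs to current stanza
            if current is not None:
                interfaces[current].append(line.strip())
            continue
        m = re.match(r"interface\s+(\S+)", line, re.IGNORECASE)
        if m:
            current = m.group(1)
            interfaces[current] = []
        else:                            # any other top-level command
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Map each checklist item to True when the config matches the advice."""
    global_lines, interfaces = split_config(text)
    lowered = [g.lower() for g in global_lines]
    svis = {n.lower(): c for n, c in interfaces.items()
            if n.lower().startswith("vlan")}
    # "ip address ..." also covers "ip address dhcp"; "no ip address" does not match.
    has_ip = any(cmd.lower().startswith("ip address ")
                 for cmds in svis.values() for cmd in cmds)
    vlan1 = svis.get("vlan1")
    return {
        "no_ip_on_switch": not has_ip,
        # A missing Vlan1 stanza cannot be confirmed as shut down, so it is False.
        "vlan1_shutdown": vlan1 is not None and "shutdown" in vlan1,
        "cdp_disabled": "no cdp run" in lowered,
        # Assumption: STP counts as off only if a "no spanning-tree vlan" line exists.
        "stp_disabled": any(l.startswith("no spanning-tree vlan") for l in lowered),
        "snmp_disabled": not any(l.startswith("snmp-server") for l in lowered),
    }


def failing(text):
    """Sorted names of the checklist items the config does not satisfy."""
    return sorted(item for item, ok in audit(text).items() if not ok)


if __name__ == "__main__":
    print("sample  :", failing(SAMPLE_CONFIG))
    print("hardened:", failing(HARDENED_CONFIG))
```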

Similar Messages

  • Windows 7 hangs and switches off network access

    We are running a Windows 7 Ultimate 32-bit operating system as our server.
    About on 30 minute intervals the computer hangs and switches off network access.
    If the computer is in this state and you try and access it from another computer nothing happens.
    While in this state you can see the desktop indicating that it's not in sleep mode.
    The problem is rectified by clicking the mouse on the computer.
    It has not gone into a sleep mode as everything on the power options is set to never.
    Please help?
    Regards,
    Andries Malherbe
    Vizier Systems

    About on 30 minute intervals the computer hangs and switches off network access.
    If the computer is in this state and you try and access it from another computer nothing happens.
    Could you please share more information about "switches off network access" with us? I don't quite understand this situation.
    Please also check the event viewer to collect related information about this issue when you re-use the Windows 7.
    Meanwhile, Please update the driver for network adapter or reinstall for a test.
    Regards
    Yolanda
    TechNet Community Support

  • When I switch between networks firefox is not working. I will have to close the browser and open it again!?

    Hi,
    I love firefox!!! I wanted it to be perfect all the time, one issue I come across with it recently is: When I switch between networks (say connecting to myoffice network through VPN when firefox is already open) firefox is not working. I will have to close the browser and open it again to make it work! could you please fix this.
    Thanks.
    Raja Pattamsetty

    If an option or preference settings not being saved after you restart firefox see:
    Preferences not saved: http://kb.mozillazine.org/Preferences_not_saved
    thank you
    Please mark "Solved" the answer that really solve the problem, to help others with a similar problem.

  • Ios 8 update doesnt have the option of switching between networks i.e 2G or 3G network..  pls rectify this issue

    ios 8 update doesnt have the option of switching between networks i.e 2G or 3G network..
    pls rectify this issue

    Why don't you ask your best friend to rectify the issue?  Oh, your best friend isn't Apple?  Well neither are the users on this forum.  APPLE IS NOT HERE

  • Switched wireless network and now cannot send emails

    I just switched wireless network and now cannot send emails. i have checked with my email provider and all settings are correct.

    Depending on what wireless network you switched to if it is not connected to your ISPs network most all ISPs block sending mail from clients that are NOT part of their network, IE have an account with them.
    So if you switched from your home wired/wireless network that uses XYZ ISP to a friends network that uses ABC as their ISP and you try to send mail through YOUR ISPs Mail servers it will fail because YOU do not have an account with them and you are trying to use a different ISPs mail servers. This is to stop Spam emails being sent out from other mail servers that can't be tracked by the ISP you are connected to.

  • I do not want to switch wireless networks

    No, Airport Utility, I do not want to switch wireless networks to get my Time Capsule mounting again. This is because if I switch wireless networks, the network will go spinning its little time wheel of nothingness forever and ultimately report that it cannot find the Time Capsule it switched for. On the other hand, if I choose not to switch, it insists that there's nothing to be done with the Time Capsule that's right up top, all by itself, in the Airport wireless devices in the network.
    All I want is for my Time Capsule to stop having these fits where it decides it won't join the network that already exists, that is already quite happy, and that it does not need to be the base station for. What is the problem that keeps making it go off into these fits where it won't join the network and won't let any network join it? And why does this keep happening? And what will stop it short of throwing the Time Capsule out the window?

    Due to logistics, I attempted to configure via wireless connection. The AirPort utility recognized the AirPort Express only after I pressed the reset button on the Express. It then showed up and I went through the setup dialogs regarding joining an existing network (my Airport Extreme) which it found. I configured the Airport Express using no security, as I was not sure which to choose and I was told there was an issue with my older Mac and working with the newer security protocol. The dialog box indicated that the configuration was complete, "The settings for this Airport Express have been successfully updated.. You can close the window or wait for the Airport Express to restart." I waited for about 5 minutes and it did not restart. I then closed and reopened the AirPort utility and it indicated that it could not locate any wireless devices, neither of the AirPort devices showed up. I tried relaunching the AirPort Utility several time with the same results. I then rebooted my machine and launched the AirPort Utility; it identified my Airport Extreme but not the AirPort Express.
    In order to connect via ethernet I would have to remove the AirPort Express from the location from which I intend to use it and connect it adjacent to my computer. What about losing or changing supposed retained settings by unplugging and moving each time? The ethernet connector currently runs between my cable modem and my AirPort extreme. This means getting a 2nd cable or disconnecting my AirPort Extreme to use the existing cable. Do I need to have this connected when trying to configure the AirPort Express? By turnoff the wireless I think you mean using the software to turn it off and not pulling the wireless card in my computer. I am a little confused why the AirPort Utility can only identify the AirPort Express only after I press the reset button on the Express.
    Thanks for your help.

  • I have two wireless networks that I switch back and forth.  Everytime I switch the network zone my macbook pro hangs and I have to do a hard shutdown and restart.  What is the fix?

    I have two wireless networks that I switch back and forth.  Everytime I switch the network zone my macbook pro hangs and I have to do a hard shutdown and restart.  What is the fix?

    Create two locations in Network, one for one and one for the other.
    WiFi, Internet problems, possible solutions
    WiFi security issues, at home and WiFi hotspots

  • Extend multicast (bonjour, mDNS, 224.0.0.251) over network borders

    Hi,
    I try to get Bonjour (mDNS, iChat, multicast and so on) running across network borders. Where 'running across network borders' means, that the multicast traffic travels from one layer 2 domain / ip network (over a router) to another.
    Is this possible?
    While playing around with a Cisco Catalyst 3560 as Router and trying to get multicast routing to work, I saw that the TTL of the multicast traffic (destination 224.0.0.251 udp 5353) is 1. And as far as I know a router would decrement the TTL by (at least) 1, so it becomes 0 and the packet would be discarded.
    Is it possible to change the TTL value to something greater than 1?
    It would be kind if here is someone out there who could give me some hints on this.
    Thanks in advance
    regards
    Mark
    Mac OS X (10.4.10)

    Sonic,
    The Multicast address you are referencing 224.0.0.251 is part of Bonjour.  Bonjour is a Multicast DNS protocol for service discovery and advertisement and is a perfectly normal process.  Apple's implementation of Bonjour assumes a link-local multicast address (224.0.0.*) that is not supposed to traverse a router but will still be heard on interfaces that process multicast packets.
    Search for multicast DNS or Bonjour on wikipedia to learn more about how these protocols work.
    While you may have had Bonjour disabled in prior versions of MacOS, it was likely re-enabled to support the Apple Wireless Direct Link (a wireless adapter sub-interface) which requires the Bonjour protocol to advertise services such as AirDrop and AirPlay.
    Since you are receiving Teardrop attack notifications on your router, it is safe to assume that internal interfaces are being monitored.  I would suggest disabling the deep packet security inspection for internal ethernet and wireless interfaces (or if possible dismiss or disable just the offending signature for your trusted hosts). 
    Best Regards

  • How to get "fast user switching" and network shares playing nice

    I've been alternating between banging my head against a wall and reading every forum I could find to try and get a reasonable compromise between using "Fast user switching" and sharing a folder from a file server.  It baffles me how the network share/mount model of OSX/AFP is completely killed by fast-user-switching; this is a big problem with Apple requiring users to be actively logged in to share music/video from iTunes which therefore essentially requires fast-user-switching if anyone else wants to use the computer.  (anyone find it odd that you can share files without being logged in, but sharing songs requires an active login for each user who is sharing?  Apple: time to make iTunes sharing a service!)
    For the sake of example, lets just say I want to share my /Groups folder from my desktop and have it be accessible to my laptop.  Here are all the things that I tried:
    Apple Method 1) Share /Groups in the Server.app on the desktop (running Lion Server), use finder on the laptop and drag the share icon to "Login Items", alternative use a startup Apple script using "mount volume"  Both of the options work and will mount the /Groups folder under /Volumes/Groups, of course when the second person logs in via fast-user-switching (and occasionally the first person for no apparent reason), they will get /Volumes/Groups-1 since /Volumes/Groups is already taken.  Tomorrow we log in a different order and now the previously /Volumes/Groups-1 user has their mount at /Volumes/Group and vice versa.  Any links, aliases, finder sidebar references, and application settings which pointed to yesterday's location are now BROKEN.  Not very user friendly to my mother-in-law who is trying to find those pictures of the kids and doesn't know anything about mount points. I also can't reasonably mirror the file location structure on the desktop so that application preferences that are synced between the two (portable home directories) work.   fail.
    Apple Method 2) Use automounter and set up by hand direct maps for /Groups or an indirect maps for the children of /Groups.  Now it will automatically get mounted to /network/servers/SERVER/Groups/ on the laptop and on the desktop it will automatically create a similar symlink structure so that the same path (/network/servers/SERVER/Groups) work both on desktop and laptop.  Cool.  Except when the second person logs in, the /network/servers/SERVER/Groups/ mountpoint is already owned by the first user and they don't have any permissions to access it.  Fail.
    Apple Method 3) Use mount_afs and specify directly the mount-points.  Have each user have their own startup AppleScript which mounts /Groups to a different location (e.g. /Users/Shared/username/Groups) that way they don't conflict with multiple users.  On the desktop, set up symlinks from /Users/Shared/username/Group to /Groups so that it will be the same as the client and applications settings will work when synchronized back/forth by portable-home-directories.  Will it work, yes it does, but what a bear to maintain.  Is this really what I should expect to do just to have multiple users on my desktop and laptop (which again is essentially required now if I want to do any type of iTunes sharing).  This can't be what apple expects.
    What I ended up doing - the "not quite apple" solution.
    Non-Apple Method 4) After a read of "Autofs: Automatically Mounting Network File Shares in Mac OS X" (http://images.apple.com/business/docs/Autofs.pdf) at the very end there is a single paragraph  of "Kerberized NFS": "A Kerberized NFS mount can have multiple connections from multiple users, each using the correct user’s credentials for each transaction. This allows administrators to support multiple users, each authenticated with their own credentials to the same mount point. This is very different from AFP and SMB mounts," (emphasis mine)
    It appears that by using good 'ole NFS (albeit with Kerberos for security!) you can actually have multiple users on the same mount point.  Roughly following the guidance at https://support.apple.com/kb/TA24986?viewlocale=en_US.  What I needed to do was:
    1) create /etc/exports on my desktop and add a single line "/Groups -sec=krb5".  The existence of /etc/exports triggered a start of nfsd which no longer has any GUI options in Lion.
    2) Add a line to /etc/auto_master on my laptop "/-  auto_mymounts" to reference a new direct map.
    3) Create /etc/auto_mymounts and add a single line "/Groups         SERVER:/Groups" to create the direct map.
    THAT'S IT.  Three lines in three files.
    Now when I log into my laptop, there is a /Groups that is a network mount of my desktop's /Groups, same location AND it works for all of my users, even simultaneously. 
    In the end I'm happy with what I've got, but man was this a difficult path just to support fast-user-switching.  In Lion, Apple appears to be getting away from NFS (no longer turned on by default and remove from the GUI controls) but clearly this really useful functionality which doesn't exist in AFP. 
    I'm really curious, after all this work.  Any other ways to accomplish this?

    In my example above, yes I chose to mount the share "Groups" to the top of the root since that is where I put it on my server and I wanted to keep them similar; but that was just my preference, it isn't a requirement.  You can export and mount from other directories.

  • Removal of Virtual Switch Logical Networks

    Hi,
    I've recently managed to get SCVMM 2012 R2 up and running and it's currently managing 2 hosts in a cluster. I've migrated both hosts onto a logical switch, and I'm now at the stage where I'm ready to delete the LN's created for the per-host switches. I've deleted the Virtual Switches and deleted the VM Networks associated with the switches successfully, but when I go to delete the LN's associated with the Virtual Switches, I get a 25100 error.
    In dependencies, it shows that each LN has one of the hosts as a dependency but when I log into the hosts, there's nothing to indicate that they're in use. Is there any way to fix this or do I need to manually delete them from the database?
    Cheers,
    Ed

    Hi Sir,
    >>In dependencies, it shows that each LN has one of the hosts as a dependency
    If you mean this :
    Please open the hosts' properties then check the hardware option and uncheck the "logical network connectivity":
    Best Regards,
    Elton Ji
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] .

  • Switching and networking

    hi
    For the last 10ish years, I have been a PC user with experience limited to windows and linux, but I am considering buying a macbook (hence the post :P)
    It looks really good and the Mac OS has always appealed to me more than the windows OS. Plus, having had a good look at vista, the changes that are going to be made to the OS are very superficial. vector based graphics (OS 10.4???) gadgets from a sidebar (widgets???) and a built in searcher (spotlight???)
    It would seem that whatever windows has to offer, Mac did it first, so I thought it would only be fair to give the innovators a try, but I'm having reservations about going mac.
    Since the rest of my family are stuck with windows and we work with a windows based WiFi network from a third party router, will be able to use the airport wifi on a macbook?
    And if you fancy doing a bit of convincing as to why I should convert to mac it would be much appreciated because I'm struggling with the extra money I would have to spend. Because I know I can get a lot more for £750 than what apple is offering...
    slow and steady
    lightsguydave
    home made PC   Windows XP Pro  

    I can understand your trepidation, since that was me last year before I purchased one of the first Mac Minis. Now I have a MacBook and a MacBook Pro to add to the collection of three Dell desktops and one Dell laptop, all running on the same network on a Linksys router and wireless access point, and the Mini and one Dell on a KVM switch. Plus, the Macs access an Airport Express to stream music to the home stereo while I work. And, the Airport Express is also small enough to throw in the computer bag to use in the hotel when traveling to set up a quick wireless network on the go---I use the Mac and the Dell on trips and neither have any trouble. Everything on my network at home shares files and one printer. Nowadays, Windows PCs and Macs play together pretty nicely…
    You won’t have any trouble using the WiFi, networking the Windows PCs and Macs, or sharing files and a printer. If you do, you’ll find someone on this forum who can give step-by-step instructions.
    The only real problem you’ll run into is that once you learn your way around on the Mac, you think you need another one.
    MacBook, MacBook Pro, Mac Mini PPC   Mac OS X (10.4.6)   Dell D500, GX620 with Windows XP Pro

  • Switching wireless networks - OS X asking for password

    At my Moms house, she has a Linksys wireless router setup to serve b/g traffic, and a Time Capsule setup to serve n traffic. Both are saved and stored in the known networks section.
    For some reason, when I go to switch to use one or the other, OS X prompts me to enter her user password. This is the account password, not the WPA password (that is stored in the Keychain).
    Her user is an admin user.
    Simply going to the airport menu, selecting the other network, OS X prompts for account password. The password box that comes up, if I expand the details section is lists:
    Right: com.apple.airport
    Application: SystemUIServer
    1) Any idea why the system asks everytime I select either of the networks for the account password?
    2) Could it be a corrupt pref file somewhere? I don't even see a file called com.apple.airport on her system (or my system for that matter).
    -Kevin

    Hey JC,
    So I checked that option off, with no change. Funny thing is my MacBook on my network (same setup with a linksys and time capsule), I have the setting checked and it doesn't require me to enter my password on my network.
    Would you have to reboot after that?
    Keychain (login keychain) is not set to be auto locked. I'm guessing it's using the password stored in the login keychain? I notice there are also entries for the routers in the System keychain.
    I've removed and re-added all WPA password to the keychains (the entries automatically get added to both the login and system keychains).
    Really weird and I'm trying to figure out....is it my system that is wrong, allowing me to switch without entering a password....or my Moms requiring the password.
    -Kevin

  • Logic nodes over switched ether-network?

    Hi,
    I'm planning to setup a 3-mac network as well as taking the leap to Logic from Cubase.
    Can anyone tell me if the Logic-node system will work over an ether-network (via a switch) or does it have to be a direct Mac-Mac connection?
    Also, over what length cable run might latency be introduced?
    I may also want to use FX-Teleport over the network when it becomes available for the Mac. The same questions apply...will it work via a switch?
    And at what point might Midi/Audio latency be an issue?
    Thanks in advance.
    Colin

    Colin, just to reassure you, I just bought a cheap D-Link 10/100/1000 8 port switch and replaced my old 10/100 one. I replaced the two cables (Powerbook and G5) with proper Cat5e ones and my node works just fine at opposite ends of the house. Luckily the house wiring I installed was Cat5e already. For some reason Logic has trouble compensating for latency on the EXS24 sampler, but all the other processes seem to have no latency at all. I tested the two machines in the same room with 1 metre CAT5e cables, and the latency is exactly the same. One thing to watch is that even when Logic tells you that it is processing particular tracks on the node, it actually doesn't seem to lessen the CPU load on the host until it absolutely has to. One particular song of mine has about 80% CPU on my Powerbook, and at one point in the song would very often stop with an overload message. Now with the node engaged it STILL shows 80% host CPU, but the difference is that when I reach the dangerous part, Node activity shows up on the meter, and I don't get the error. Cool!

  • Mail Keeps Redownloading Old Emails Whenever I switch Wireless Networks

    Hey Everyone,
    I am experiencing some technical difficulties with Apple Mail.
    I have configured Mail to download all emails from my online Yahoo account using the configuration settings from Yahoo.
    When I am using my wireless network at home, the client downloads all my NEW mail as expected.
    However, whenever I connect to a different network, say at the office or at university, or even in a foreign country, Mail downloads ALL the emails in my Yahoo mailbox again.
    Instead of simply downloading NEW mail messages like it is supposed to, whenever I connect to a different network, ALL my emails (both old and new) are redownloaded from the server.
    Once I return back home again to my usual wireless network, it will once again download ALL the mail, both old and new, again. Until I switch to another network, it will work fine.
    This is a terrible inconvenience, as I store thousands of emails online, and thus have to wait for about 45 minutes for mail to finish downloading all of the emails before I can check my new mail.
    Any assistance with this matter is most appreciated.
    I am using OS X 10.4.7 and Mail 2.1 (752/752.2) on an iBook G4.

    You're welcome.
    Any other means through which I can solve this?
    None that I know of in your case. Actually, some ISP's are clueless enough to tell users that the cause of the problem is that mail isn't being removed from the server. And some users are clueless enough to be happy "realizing" what the problem was and how easy it is to "solve" it -- see duplicated emails, for example.

  • Automatic switching among networks

    I have a cable modem receiving Comcast and a CISCO router connected to the modem, which has only one ethernet connection.
    I created a second network with an Airport Express 2nd Gen connected to the CISCO. I want to use this second network only for the PS3.
    Every once in a while I'm surfing CISCO and it switches to AIRPORT after the Macbook comes back from sleeping. Can I avoid this? Because then I have to choose the CISCO network again and sometimes it takes time to be able to browse again...

    Thanks Deepak,
    I have already made entries in "Proxy Mapping" with multiple values but when I tried to open link with HTTP, it does not automatically convert it in to HTTPS as it normally does for other sites like google, yahoo etc.
    Is any other configuration is required apart from above?
    Thanks
    Mehul
