22 Cisco LAN Switching Configuration Handbook
e. QoS
■ Configure QoS on every switch in your network. QoS must be properly
supported end-to-end. See section “13-2: QoS Configuration,” in Chapter
13, “Quality of Service.”
■ Extend the QoS trust boundary to edge devices (IP phones, for example)
that can provide trust.
■ Use policers to control non-mission-critical traffic flows.
f. Redundant switch modules
■ Consider using redundant supervisors in server farm switches where hosts
are single-attached (one NIC).
■ If redundant uplinks are provided at each network layer, two physically
separate switches will always provide redundancy. Use redundant supervisors in
distribution or core layer switches where only single uplinks are available.
■ Use high-availability redundancy between supervisors in a chassis. Enable
versioning so that the OS can be upgraded without switch downtime. See
section “3-6: Redundant Supervisors,” in Chapter 3, “Supervisor Engine
Configuration.”
g. Port security, authentication
■ You can control the end-user MAC address or the number of users connected
to an access layer switch port with port security. See section “11-3: Port
Security,” in Chapter 11.
■ Authenticate users at the access layer switch ports. Section “11-8: 802.1X
Port Authentication,” in Chapter 11 describes how to configure a port to
require a login or certificate for user authentication before granting access
to the network.
■ Control access to VLANs with VLAN ACLs. See section “11-4: VLAN
Access Control Lists,” in Chapter 11.
■ Dynamic ARP Inspection (DAI) is a security feature that validates ARP
packets in a network. See section “11-9: Layer 2 Security,” in Chapter 11.
■ DHCP Snooping provides protection against Denial-of-Service (DoS)
attacks. See section “11-9: Layer 2 Security,” in Chapter 11.
■ IP Source Guard prevents IP spoofing by allowing only the IP addresses that
are obtained through DHCP Snooping on a particular port. See section
“11-9: Layer 2 Security,” in Chapter 11.
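As an added illustration (not taken from the handbook), the following Cisco IOS configuration shows how the access-layer features in item g fit together on one switch: 802.1X, port security, DHCP Snooping, Dynamic ARP Inspection and IP Source Guard. The interface names, VLAN number, RADIUS server address, rate limit and MAC maximum are assumed values; exact command syntax varies by platform and IOS release.

```cisco
! Assumed topology: Gi1/0/1 is the uplink toward distribution,
! Gi1/0/10 is a user access port in VLAN 10. RADIUS address is constructed.
!
! --- 11-8: 802.1X port authentication (RADIUS backend) ---
aaa new-model
aaa authentication dot1x default group radius
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET
dot1x system-auth-control
!
! --- 11-9: DHCP Snooping, enabled globally and per VLAN ---
ip dhcp snooping
ip dhcp snooping vlan 10
!
! --- 11-9: Dynamic ARP Inspection, validated against the snooping bindings ---
ip arp inspection vlan 10
!
interface GigabitEthernet1/0/1
 description Uplink to distribution layer
 switchport mode trunk
 ! Only the uplink is trusted for DHCP server replies and ARP
 ip dhcp snooping trust
 ip arp inspection trust
!
interface GigabitEthernet1/0/10
 description User access port
 switchport mode access
 switchport access vlan 10
 ! 11-3: allow two learned MACs, keep them in the config (sticky),
 ! and drop offending frames (restrict) rather than err-disable the port
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 ! 11-8: require 802.1X authentication before forwarding user traffic
 dot1x pae authenticator
 authentication port-control auto
 ! 11-9: port stays untrusted (default); rate-limit DHCP, and let
 ! IP Source Guard forward only addresses learned through snooping
 ip dhcp snooping limit rate 15
 ip verify source
!
! Verification after applying the configuration:
! show ip dhcp snooping binding
! show ip arp inspection vlan 10
! show port-security interface GigabitEthernet1/0/10
! show ip verify source
```

Apply DHCP Snooping and DAI per VLAN before enabling IP Source Guard, since Source Guard filters on the binding table those two features build; an empty table blocks all traffic on the port.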