Best way to handle switch management?
-
What is the best way to handle switch management from a security viewpoint?
I have switches that don't have out-of-band management, but they have SSH, Telnet, HTTP, HTTPS and serial. And they can boot over TFTP.
Also, what can be changed over SNMP? Can you change the config, make the switch reboot, or is it just read-only info?
-
Typically SNMP can do anything in a managed switch.
-
This is a case where you might want a VLAN to put all switch functions into that separate network. That makes it like it is OOB. Network management functions are one of the better use cases for small-scale VLANs.
-
@scottalanmiller said in Best way to handle switch management?:
This is a case where you might want a VLAN to put all switch functions into that separate network. That makes it like it is OOB. Network management functions are one of the better use cases for small-scale VLANs.
This is exactly what we did in my previous job. Also, keep racks closed and set a proper password.
-
Sounds like a good idea, guys. I will do it that way.