Cisco Small Business Equipment VLAN security issue

Hi, I have an RV220W router and an SG200-18 switch. I'm trying to set up my network to be as secure as possible...

The RV220W has the following VLAN configuration:

Port 1: Manage, DMZ, Business, Test, Diag, home and anywhere (untagged)

Port 2-4: not used (untagged) and disabled

All ports were excluded from the default VLAN

The SG200-18 has the following VLAN configuration:

Port 1 (trunk): Manage, DMZ, Business, Test, Diag, home and anywhere (untagged)

Port 2-17 (access): not used (untagged) and disabled

Port 18 (access): Manage (untagged) * used to configure and manage the switch and router from a PC

All ports were excluded from the default VLAN

I set this up according to the instructions in the Cisco security best practices: http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf

My question concerns protecting my network against the Double-Encapsulated 802.1Q / Nested VLAN attack. The white paper suggests disabling the native/untagged VLAN on all trunk ports... Unfortunately the RV220W seems to require an untagged VLAN on each port (it won't allow me to have only tagged VLANs)... Can someone suggest a more secure configuration given what I have to work with?

Thank you!

P.S. The switch allows me to configure a port in 'General' mode, where I can set the Frame Type to "Admit tag only" to allow only tagged traffic... I don't know if this would increase security?

As far as VLAN tagging/untagging is concerned, yes. You must take the limitation of the router into account.

-Tom
Please mark replied messages useful
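
An added example, not part of the original thread: a small Python audit of the untagged-VLAN layout discussed above. It models the SG200-18 port table from the question with constructed VLAN IDs (the post gives names only), assumes ports 2-17 are administratively disabled and that the trunk's untagged VLAN is the unused one, and reports whether an uplink's untagged VLAN is shared with any enabled access port, which is the condition the white paper's native-VLAN advice is meant to remove.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Port:
    name: str
    mode: str                    # "trunk", "access" or "general"
    untagged: Optional[int]      # VLAN carried without a tag; None = tagged only
    tagged: frozenset = frozenset()
    enabled: bool = True

def audit(ports):
    """Report, per uplink, whether its untagged VLAN is reachable from an
    enabled access port (SHARED) or kept to itself (ISOLATED)."""
    findings = []
    edge = [p for p in ports if p.mode == "access" and p.enabled]
    for up in (p for p in ports if p.tagged and p.enabled):
        if up.untagged is None:
            continue             # uplink carries tagged VLANs only
        shared = sorted(e.name for e in edge if e.untagged == up.untagged)
        status = "SHARED" if shared else "ISOLATED"
        findings.append((up.name, up.untagged, status, shared))
    return findings

# Constructed VLAN IDs (assumption): Manage=10, DMZ=20, Business=30,
# Test=40, Diag=50, Home=60, Unused=999.
TAGGED = frozenset({10, 20, 30, 40, 50, 60})

def sg200_layout(spare_enabled=False, uplink_untagged=999):
    """Port table modelled on the SG200-18 layout described in the question.
    Port names gi1..gi18 are hypothetical labels."""
    ports = [Port("gi1", "trunk", uplink_untagged, TAGGED)]
    ports += [Port(f"gi{n}", "access", 999, enabled=spare_enabled)
              for n in range(2, 18)]
    ports.append(Port("gi18", "access", 10))   # management PC port
    return ports

if __name__ == "__main__":
    scenarios = [
        ("as posted (spare ports disabled)", sg200_layout()),
        ("spare ports re-enabled", sg200_layout(spare_enabled=True)),
        ("uplink untagged VLAN set to Manage", sg200_layout(uplink_untagged=10)),
        ("no untagged VLAN on uplink", sg200_layout(uplink_untagged=None)),
    ]
    for label, ports in scenarios:
        print(f"{label}: {audit(ports)}")
```

The last scenario corresponds to the white paper's recommendation; the first shows that an untagged VLAN the router insists on stays isolated only while every access port in that VLAN remains disabled.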


Similar Questions

  • Configuration of SNMP on Cisco Small Business 300 Series managed switch

    Please can someone help me configure SNMP on Cisco Small Business 300 series switch?

    Thank you

    Hi Anton,

    Don't forget to enable the SNMP service first of all: Security > TCP/UDP Services.

    http://sbkb.Cisco.com/CiscoSB/UKP.aspx?VW=1&docid=3b13278d9ef9402a8fef57...

    Also, you will find useful configuration documents, etc., on our community KB server:

    http://sbkb.Cisco.com/CiscoSB/UKP.aspx?VW=1&docid=183cae2148d445b2a07473...

    Let us know if you have any problems.

    Aleksandra

  • Cisco SG300-28P - Port security issue.

    Hi, I would like to activate port security on a Cisco SG300-28P PoE switch. I would like to know how this can be done in cases where a port is further connected to 8-port desktop switches and in cases where computers are connected directly to the switch.

    Thanking you in advance,

    Parth.

    This is described in detail in the section 'Configuration of Port Security' on pages 326 to 329 of the document Cisco Small Business 300 Series Managed Switch Administration Guide.

    The difference between a port serving a desktop switch and one directly serving an endpoint is just the number of MAC addresses that you want to allow.

    Do you have any specific questions?

  • Accounting on a Cisco Small Business SF300-08

    Hello

    The "Cisco Small Business 300 Series Managed Switches Administration Guide" and the data sheet indicate that this switch can make accounting requests to a RADIUS server. On the SF300 switch interface/CLI, there is only the authentication port; the accounting port cannot be set (and nothing is sent by the switch to the default port). I guess that the SF300-08 doesn't handle accounting. Maybe I need to change to another model. Could you suggest another model in the same price range?

    Thank you

    Laurent.

    Hi Laurent, I am pleased that the 1.2.5.70 has solved this problem.

    Please be advised that the 1.2.5.70 firmware has also been lifted for now.

    Please note that we have identified a potential problem with the 1.2.5.70 update for the 200, 300 and 500 series switches. As a precaution, we took down the 1.2.5.70 release while we determine the cause of the issue, its seriousness and its scope. We will re-post the release or publish an update based on the results of our analysis.

  • Plug-and-Play for Cisco Small Business 300 Series managed switch

    Good day

    What are the automatic installation options available for the Cisco Small Business 300 Series managed switches?

    It seems there are none; the operating system is not the standard IOS I am used to.

    I would use it with the ability to bridge to Cisco Prime Infrastructure PnP.

    Regards

    Stone

    Prime Infrastructure uses and assumes a CNS (Cisco Network Services) agent on the other side when you enable 'plug & play'. The 300/500 series do not run IOS and do not include the CNS agent, but there is a way to enable automatic configuration. The switches support DHCP auto-configuration (using DHCP options 66, 67, etc.), in which case they automatically download their config from a TFTP server at boot time. This allows an administrator to put the configs for all switches on a TFTP server and simply boot a factory-default switch in order for it to obtain its config.

    The attached document shows how this is done.

    Hope the information is useful.

  • Cisco Small Business router with link aggregation functionality

    Hi all!

    Can someone tell me if there is a Cisco Small Business router with link aggregation functionality? (I want to connect two 4 Mbps SDSL lines for throughput.) Can the RV082 do it?

    Best regards

    You would need an RV016, which supports up to 7 WAN ports. The RV082 has only two WAN ports.

  • DHCP snooping on the Cisco Small Business SF200-48 switch

    Please help me. I need to know if DHCP snooping is available in Cisco firmware version 1.3.7.18.

    Hi Bonnie, as far as I know DHCP snooping is not on the SX200 switch. I am also unable to find anything in the Administrator's guide or release notes stating that it is.

  • Remote Desktop and Cisco Small Business RV042

    With our old Linksys wireless router, under the applications section, we could redirect the port, for example:

    Remote desktop access from external PC: 201.85.X.X:1234 (i.e. our public IP and port 1234)

    With this we can access the Terminal Server services on the WinVista Pro machine at private address 10.1.X.X on the LAN.

    I want to forward external port 1234 > 3389 LAN. Is it possible with the RV042?

    Note: Firmware Version: v4.1.1.01 (latest)

    To change the source and destination ports, you must use the UPnP function.

    That's what I use on the RV0XX.

    Good luck

  • My small business SF 302-08 Switch will not let me apply the command "Routing".

    Hi everyone, my Cisco Small Business SF 302-08 switch has the latest firmware and I want to activate the routing command, but it doesn't let me do that.

    I've read the command reference guide and followed the whole procedure: IP Routing Protocol Independent Commands starting at page 629, but nothing happens. I need this because I want routing between VLANs.

    Kind regards.

    Hi Felipe

    Look forward to hearing how you go.

    If you reset the switch to factory defaults and the switch is NOT connected to a server, the switch restarts with a default IP address of 192.168.1.245 according to the Quick Start Guide. If your PC has a static address 192.168.1.2, you should be able to access the graphical interface of the switch.

    http://www.Cisco.com/en/us/docs/switches/LAN/CSBMs/sf30x_sg30x/Quick_Start/78-19252-01.PDF

    If the switch is connected to a DHCP server, the switch gets an IP via DHCP.

    I've had problems using HyperTerminal on my Windows 7 box, which I have overcome by restarting my PC in order to free the COM port. The console settings are:

    • 115200 bits per second
    • 8 data bits
    • no parity
    • 1 stop bit
    • no flow control

    If you really have problems, and you think that the switch is faulty, you can use the services of the Small Business Support Center (HWC) in order to identify whether the switch is good or bad.

    The URL that shows the phone numbers is below:

    www.Cisco.com/go/SBSC

    Best regards, Dave

  • What small business routers support DHCPv6-PD?

    I have an rv042-g, which apparently does not support PD. PD is necessary for subnets to connect your local LAN IPv6 addresses to the Internet.

    (If there is a manual way to implement it, I have not found it.)

    I intend to return or sell the rv042-g once I have found a better router.

    Looking through this thread suggests that it is supported on the rv042 but not the rv180

    https://supportforums.Cisco.com/discussion/11629126/does-rv180w-support-...

    The SMB team may be able to tell which specific version of fw it's in

    http://www.Cisco.com/c/en/us/support/Web/TSD-Cisco-small-business-suppor...

  • Small Business Investment program question

    I have a question about the small business investment program. I just bought a Cisco Small Business router and an additional Small Business 8-port switch. Later down the road, we might need a 16-port or larger one, but we don't need to exchange anything now. We wonder what it takes just to enroll in the program. What is the link needed to register?

    http://ciscoinvestmentprotection.com/register.html

    Thank you!

    Hi Nathan,

    I just noticed that you also tweeted on the subject.  Anyway, here's the URL that you should go and look for information about this program:

    http://ciscoinvestmentprotection.com/brochure.html#

    Kind regards

    Cindy Toy

    Cisco Small Business Community Manager

    for Cisco Small Business products

    www.Cisco.com/go/smallbizsupport

  • 5508 WLC works only with small business unit SA 520 security

    The Cisco 5508 is a new Wireless LAN Controller supporting the new gigabit 802.11ac wireless. It has been connected to a LAN port of the SA 520 Small Business Security Appliance (trunk). The default VLAN 1, which is for management, works fine, but the data VLAN does not work.

    However, I can ping from WLC until SA 520 on vlan data but no ping SA 520. Also the wireless clients connected to the AP cannot connect to SA 520 on the data vlan 2702 as gateway?

    Both have the latest firmware. Are these devices supported?

    Any suggestion?

    Hello

    I guess your data VLAN is another VLAN that you have configured on the WLC.

    Make sure of the ff.:
    1. you have configured the correct WLAN interface
    2. you have assigned the right WLAN interface on your SSID
    3. the DHCP of your users (where btw?) if in the WLC, check if it is on the correct subnet and that it is enabled

    Also, considering it is a security device, check the ff.:
    1. you have configured the necessary policies to and fro the AP and WLC
    - Note the CAPWAP traffic; to avoid any problem, just allow traffic to and fro between WLC and AP, for example two policies, one WLC -> AP and another AP -> WLC

    2. of course, the policies necessary to allow traffic

    PS: The compatibility is not a problem, note that your servers SMB of device as a connection of the WLC. You should have no problem integrating the two

    If it is not much, kindly rate helpful messages :)

  • Is VLAN via VPN possible with any of the Small Business routers?

    Will a tagged VLAN (for voice) be routed through a gateway-to-gateway VPN on any of the Small Business routers, such as the SA520? This router is equipped with VLAN trunking settings.

    No, it is not possible to send VLAN traffic via VPN on the SA500 series, but you can create a tunnel for each subnet whose traffic you need to pass.

    hope this helps,

    Jasbryan

  • Basic SFP questions for Small Business switches

    Hi all

    Just for fun, I would like to switch to fiber for the trunk ports running between my two Cisco SG300 lab switches, but I'm new to the media.

    In looking at the options, I thought that MM (MGBSX1) is the way to go, but the 'official' SFPs cost an arm and a leg (don't forget, this is my lab, not a production environment).

    I have a few newbie questions, and forgive me if this has been answered a hundred times, but I was not able to find it in the search.

    1. Do I really need to use Cisco-brand transceivers? I've seen non-Cisco 1000BASE-SX SFPs on eBay for a tenth of the cost. Granted, yes, the quality may or may not be the same.
    2. Is MGBSX1 the way to go? The switches are in different rooms, so distance is not a problem; my choice was based on the cost of transceivers and media.
    3. The SFP ports are rated only Gigabit, but I saw a variety of higher numbers quoted. Is this a limitation of the switch itself, the protocol used, or the transmission media?

    Again sorry if these are questions of newb and thanks in advance!

    Lee

    1. Do I really need to use Cisco-brand transceivers? I've seen non-Cisco 1000BASE-SX SFPs on eBay for a tenth of the cost. Granted, yes, the quality may or may not be the same.

    According to the SG300 Quick Start Guide, "SFP ports are compatible with Cisco modules MGBT1, MGBSX1, MGBLH1, MGBLX1, MGBBX1, MFELX1, MFELX1, and MFEBX1, in addition to the modules from other brands."

    2. Is MGBSX1 the way to go? The switches are in different rooms, so distance is not a problem; my choice was based on the cost of transceivers and media.

    Choose a type of SFP based on the length of the links and the type of available fiber. Small Business card SFP provides the information you need. The MGBSX1 is probably a good choice: low-cost, with link lengths up to 550 meters over multimode fiber.

    3. The SFP ports are rated only Gigabit, but I saw a variety of higher numbers quoted. Is this a limitation of the switch itself, the protocol used, or the transmission media?

    Each switch is designed to support specific port speeds, based on the application the switch is designed for in the network. Optical transceiver modules do not support different speeds (as many electrical ports do). Instead, if the switch port is compatible, the transceiver module can be swapped to change speeds. SFP-style modules are available at 100 Mbps and 1 Gbps; SFP+ modules for 10 Gbit/s; higher speeds have new form factors. You can see a lot of styles of optical modules on the Cisco transceiver web page.

    Good luck!

  • Does Cisco TelePresence Manager version 1.7 support Windows Small Business Server 2008?

    Hello

    Is Microsoft Windows Small Business Server 2008 supported for the LDAP protocol, AD and MS Exchange server with Cisco TelePresence Manager version 1.7?

    Thank you

    AA

    Hello Ahmed - although this configuration "can work", Windows 2008 Small Business Server is not on the support list. This means that it has not been tested and certified to work with TelePresence.

    To my knowledge, it's not on the roadmap for future support; however, I will look into it and post again as soon as I have an answer for you.

    Kind regards

    -Andrew
