OSPF & BGP redistribution
This is a WIP
- Allow for OOB/IB management to every device over the 10.x.x.x network.
- Do not allow any network other than 10.x to reach 10.x.
- All management must be secure and encrypted.
- R-1,R-2,R-3 will belong to domain pete.local
- OSPF must use link authentication.
- OSPF will be redistributed to BGP – BGP routes will be injected to OSPF.
- EBGP must be secure.
- Control plane will be kept separate from any data traffic.
- Access layer switches will be kept Layer-2.
- Hard-code all access switchports and trunk ports.
Why do we move away from VLAN 1?
All control traffic is sent on VLAN 1. Therefore, when the native VLAN is changed to something other than VLAN 1, all control traffic is tagged on IEEE 802.1Q VLAN trunks (tagged with VLAN ID 1). A recommended security practice is to change the native VLAN to a different VLAN than VLAN 1. The native VLAN should also be distinct from all user VLANs. Ensure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link.
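
An added example (not part of the original notes): a small Python audit of the three native-VLAN rules above, plus the hard-coded trunk mode requirement, run over constructed IOS-style snippets for both ends of one trunk. The switch configs, interface names and VLAN numbers 10, 20 and 999 are assumptions made for illustration.

```python
import re

# Constructed IOS-style snippets for the two ends of one trunk (not from the page).
SW1 = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
"""
SW2 = """\
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse_ports(config):
    """Map interface name -> mode, native VLAN (default 1), access VLAN (default 1)."""
    ports, cur = {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"interface (\S+)", s):
            cur = ports.setdefault(m.group(1), {"mode": None, "native": 1, "access": 1})
        elif cur is None:
            continue  # global config line before any interface stanza
        elif m := re.fullmatch(r"switchport mode (access|trunk)", s):
            cur["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", s):
            cur["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport access vlan (\d+)", s):
            cur["access"] = int(m.group(1))
    return ports

def audit_trunk(cfg_a, if_a, cfg_b, if_b):
    """Return findings for one trunk link; an empty list means all checks pass."""
    a, b = parse_ports(cfg_a), parse_ports(cfg_b)
    user_vlans = {p["access"] for p in (*a.values(), *b.values()) if p["mode"] == "access"}
    findings = []
    for side, port in (("A", a[if_a]), ("B", b[if_b])):
        if port["mode"] != "trunk":
            findings.append(f"{side}: trunk mode is not hard-coded")
        if port["native"] == 1:
            findings.append(f"{side}: native VLAN is still 1")
        elif port["native"] in user_vlans:
            findings.append(f"{side}: native VLAN {port['native']} is also a user VLAN")
    if a[if_a]["native"] != b[if_b]["native"]:
        findings.append(f"native VLAN mismatch: {a[if_a]['native']} vs {b[if_b]['native']}")
    return findings
```

Calling `audit_trunk(SW1, "GigabitEthernet0/24", SW2, "GigabitEthernet0/24")` on the sample reports that side B still uses native VLAN 1 and that the two ends disagree.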