Medianet Reference Guide - Cisco

More documents

Recommendations

Info

Solution Chapter 1 Medianet Architecture Overview For these restricted access video scenarios, network virtualization technologies can be deployed to isolate the endpoints, servers, and corresponding media applications within a logical network partition, enhancing the security of the overall solution. Cisco Catalyst switching products offer a range of network virtualization technologies, including Virtual Routing and Forwarding (VRF) Lite and Generic Route Encapsulation (GRE), that are ideal for logical isolation of devices and traffic. Securing Media in the Campus As previously discussed, a layered and integrated approach to security provides the greatest degree of protection, while at the same time increases operational and management efficiency. To this end, campus network administrators are encouraged to use the following tactics and tools to secure the Campus medianet: Basic security tactics and tools: • Access-lists to restrict unwanted traffic • Separate voice/video VLANs from data VLANs • Harden software media endpoints with Host-based Intrusion Protection Systems (HIPS), like Cisco Security Agent (CSA) • Disable gratuitous ARP • Enable AAA and roles based access control (RADIUS/TACACS+) for the CLI on all devices • Enable SYSLOG to a server; collect and archive logs • When using SNMP, use SNMPv3 • Disable unused services • Use SSH to access devices instead of Telnet • Use FTP or SFTP (SSH FTP) to move images and configurations around and avoid TFTP when possible • Install VTY access-lists to limit which addresses can access management and CLI services • Apply basic protections offered by implementing RFC 2827 filtering on external edge inbound interfaces Intermediate security tactics and tools: • Deploy firewalls with stateful inspection • Enable control plane protocol authentication where it is available (EIGRP, OSPF, HSRP, VTP, etc.) • Leverage the Cisco Catalyst Integrated Security Feature (CISF) set, including: – Dynamic Port Security – DHCP Snooping – Dynamic ARP Inspection – IP Source Guard Advanced security tactics and tools: • Deploy Network Admission Control (NAC) and 802.1x • Encrypt all media calls with IPSec • Protect the media control plane with Transport Layer Security (TLS) • Encrypt configuration files 1-28 Medianet Reference Guide OL-22201-01
Chapter 1 Medianet Architecture Overview Solution • Enable Control Plane Policing (CoPP) • Deploy scavenger class QoS (data plane policing) WAN and Branch Office Medianet Architecture Many employees in the typical large company now work in satellite or branch offices away from the main headquarters. These employees expect access to the same set of media applications as your HQ employees. In fact, they may rely on them even more because of the need to communicate effectively and productively with corporate. Deploying the medianet in the WAN and branch office networks takes place on the standard design recommendations, following the services aggregation edge, service provider, and branch office architecture model (seeFigure 1-12 and Figure 1-13). The subsections that follow provide the top design recommendations for the WAN and branch office architecture. Figure 1-12 WAN/MAN Medianet Architecture WAN Aggregation Edge SLA WAN Transport Branch Edge FR/ATM MPLS Internet MAN Edge Site 1 MAN Transport SONET/ SDH MAN Edge Site 2 Metro Enternet DWDM 224518 OL-22201-01 Medianet Reference Guide 1-29
Page 1 and 2: Medianet Reference Guide Last Updat
Page 3: About the Authors Solution Authors
Page 6 and 7: Contents Application Intelligence a
Page 8 and 9: Contents The Globalization of the W
Page 10 and 11: Contents NetFlow Collector Consider
Page 12 and 13: Contents viii Medianet Reference Gu
Page 14 and 15: Business Drivers for Media Applicat
Page 16 and 17: Business Drivers for Media Applicat
Page 18 and 19: Challenges of Medianets Chapter 1 M
Page 20 and 21: Challenges of Medianets Chapter 1 M
Page 22 and 23: Solution Chapter 1 Medianet Archite
Page 46 and 47: Conclusions Chapter 1 Medianet Arch
Page 48 and 49: Related Documents Chapter 1 Mediane
Page 50 and 51: Related Documents Chapter 1 Mediane
Page 52 and 53: Measuring Bandwidth Chapter 2 Media
Page 54 and 55: Packet Flow Malleability Chapter 2
Page 56 and 57: Shapers Chapter 2 Medianet Bandwidt
Page 58 and 59: Shapers versus Policers Chapter 2 M
Page 60 and 61: Shapers versus Policers Chapter 2 M
Page 62 and 63: Converged Video Chapter 2 Medianet
Page 64 and 65: Bandwidth Over Subscription Chapter
Page 66 and 67: Capacity Planning Chapter 2 Mediane
Page 68 and 69: Load Balancing Chapter 2 Medianet B
Page 70 and 71: EtherChannel Chapter 2 Medianet Ban
Page 72 and 73: Bandwidth Conservation Chapter 2 Me
Page 74 and 75: Summary Chapter 2 Medianet Bandwidt
Page 76 and 77: Network Availability Chapter 3 Medi
Page 78 and 79: Network Availability Chapter 3 Medi
Page 80 and 81: Device Availability Technologies Ch
Page 82 and 83: Device Availability Technologies Ch
Page 84 and 85: Network Availability Technologies C
Page 90 and 91:
Network Availability Technologies C
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Operational Availability Technologi
Page 106 and 107:
Summary Chapter 3 Medianet Availabi
Page 108 and 109:
Drivers for QoS Design Evolution Ch
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Cisco QoS Toolset Chapter 4 Mediane
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Enterprise Medianet Strategic QoS R
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
References Chapter 4 Medianet QoS D
Page 154 and 155:
References Chapter 4 Medianet QoS D
Page 156 and 157:
An Introduction to Securing a Media
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Medianet Security Reference Documen
Page 168 and 169:
Medianet Security Reference Documen
Page 170 and 171:
Network-Embedded Management Functio
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Cisco Network Analysis Module Chapt
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Application-Specific Management Fun
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Summary Chapter 6 Medianet Manageme
Page 252 and 253:
Auto Smartports Chapter 7 Medianet
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 276 and 277:
Location Services Chapter 7 Mediane
Page 278 and 279:
Summary Chapter 7 Medianet Auto Con
Page 280:
References Chapter 7 Medianet Auto
show all

Medianet Reference Guide - Cisco

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?