Security Concern for MS350-24X

Ruch_D
Comes here often

Hi All,

Are there any security risks/concerns with using the MS350-24X switch as a server segment switch?

Thanks in advance

7 REPLIES
Brash
Kind of a big deal

This question is very vague...

The switch can segment VLANs, implement ACLs and perform 802.1X auth like most other switches.

Can you explain a bit further what kind of security concerns you're thinking of?

GIdenJoe
Kind of a big deal

A switch won't do deep packet inspection if you would need this between your clients and your servers.

You can use basic L3/4 segmentation and rules (limited to 128 ACEs for the entire network) if you want to use switches to route between clients and servers. The upside, however, is that switches forward in hardware, as opposed to firewalls, which has a much higher throughput capability. You can of course scale firewalls to meet these requirements, but that could be cost prohibitive.

It depends on the use case.

GreenMan
Meraki Employee

For a server type environment, I wouldn't recommend relying solely on the security capabilities of any switch, really. What I would say is that MS350 (and Meraki switches in general) aren't designed specifically with servers / data centres in mind. This is why Nexus switching exists, within the wider Cisco portfolio. That having been said, in environments which aren't too demanding - in areas such as ultra-low latency and deep packet buffering - MS350 will do a decent job. The same could have been said for (for example) stacks of Catalyst 3750s, back in the day, and lots of people still used those in server rooms very successfully if they weren't driven too hard.

GIdenJoe
Kind of a big deal

For me it's not that clear if he means a switch to segment the datacenter from the LAN network or to use inside the datacenter for host connectivity.

GreenMan
Meraki Employee

Indeed, @GIdenJoe that clarification would be useful, @Ruch_D ...  ?

Ruch_D
Comes here often

Hi,

Thank you for all of your valuable responses.

We are planning to deploy an MS 350-24X switch stack to connect the customer's internal server segment. We are not using this switch for a data center environment. We are using it to connect the internal server segment.

However, someone has told the customer that using Meraki cloud-managed switches to connect the server segment will cause/pose security concerns due to the cloud management option. That's what I want to clarify.

Based on the reply given by @GreenMan, I now have doubts about using MS 350-24X switches to connect the customer's internal server segment.

cmr
Kind of a big deal

@Ruch_D the Meraki switches are no less secure than traditional Cisco Catalyst or HPE switching etc.  What @GreenMan is alluding to is that using a switch specifically designed for high throughput with stateful inspection to segment datacentre traffic is the best option.  If you are comparing a Meraki MS350 to a Cisco 9300 or equivalent then they are no less secure.
