CS-MARS and layer 2 mitigation

Unanswered Question
Aug 20th, 2007

Hi all

I have two layer 3 switches and two PIXes defined and active in MARS. This setup represents our backbone, with several 35xx and 36xx switches as layer 2 access switches. VLAN switching takes place in the backbone switches and is visible in MARS, where mitigation is also suggested using access lists on the layer 3 switches. This does, however, not work when the traffic doesn't leave the VLAN, for example when a user on an access switch is accessing a server on the user VLAN. As I understand from the manual, this is because MARS needs a full NAC-aware system to be able to suggest mitigation commands on the access switches. One other problem is that the access switches never report connecting MAC addresses to the MARS/syslog.

Is it possible to have MARS suggest mitigation points and commands on the access switches? Have I missed some logging command that would enable this information to reach MARS?


Fredrik Hofgren
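As an added example (not part of the original post, and not taken from Cisco's MARS documentation), the configuration below is the kind of access-switch IOS setup that at least gets the switch's own syslog and MAC-address-table change notifications out to a collector. The collector address, community string and interface range are placeholders; the command syntax is that of Catalyst 3560/3750-style IOS and varies between platforms and releases; and whether a given MARS release parses these MAC-notification traps into sessions is not established by this thread, so that part is an assumption.

```cisco
! Constructed example: Catalyst 3560/3750-style IOS, placeholder addresses
! Send the switch's own syslog to the collector (assumed MARS address 192.0.2.10)
logging host 192.0.2.10
logging trap informational
logging source-interface Vlan1

! Report MAC-address-table changes (hosts learned, aged out or moved)
mac address-table notification change
mac address-table notification change interval 5
snmp-server enable traps mac-notification change

! Deliver those traps to the same collector (community string is a placeholder)
snmp-server host 192.0.2.10 version 2c MARS-COMMUNITY mac-notification

! Only user-facing ports, not uplinks, should generate the notifications
interface range FastEthernet0/1 - 24
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
```

Note what this does and does not give you: the traps tie a MAC address to a port and VLAN at the time it was learned, which is the data needed to pick a layer 2 mitigation point, but they say nothing about the intra-VLAN flows themselves, which still never pass a device that exports NetFlow or syslog sessions to MARS.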

hoffa2000 Fri, 08/24/2007 - 11:59

That I have configured already. My problem is however that the layer 2 devices don't, and as I have understood never can, report the traffic to MARS. Thus layer 2 mitigation would be available only if you have 802.1x enabled recording the exact ports where the offending computers are connected.

Please correct me if I'm wrong here

