CS-MARS and layer 2 mitigation

hoffa2000
Level 3

Hi all

I have two layer 3 switches and two PIXes defined and active in MARS. This setup represents our backbone, with several 35xx and 36xx switches as layer 2 access switches. VLAN switching takes place in the backbone switches and is visible in MARS, where mitigation is also suggested using access lists on the layer 3 switches. This does not work, however, when the traffic doesn't leave the VLAN, for example when a user on an access switch is accessing a server on the user VLAN. As I understand from the manual, this is because MARS needs a fully NAC-aware system to be able to suggest mitigation commands on the access switches. One other problem is that the access switches never report connecting MAC addresses to MARS/syslog.

Is it possible to have MARS suggest mitigation points and commands on the access switches? Have I missed some logging command that would enable this information to reach MARS?

Regards

Fredrik Hofgren

2 Replies

carenas123
Level 5

I think you should check if you have given the enable password for the devices in MARS. For mitigation, the following link may help you:

http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a008072f396.html

That I have configured already. My problem, however, is that the layer 2 devices don't, and as I have understood it never can, report the traffic to MARS. Thus layer 2 mitigation would be available only if you have 802.1x enabled, recording the exact ports where the offending computers are connected.

Please correct me if I'm wrong here
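The thread's point is that MARS cannot propose an access-switch mitigation because it never learns which edge port an offending host sits behind. The manual equivalent an operator falls back to is a MAC-to-port lookup on the access switch itself. The following is an added example, not code from the thread or from CS-MARS: it parses constructed sample output in the format of a Catalyst `show mac address-table dynamic`, accepts the offending MAC in either colon or Cisco dotted notation, and only proposes a port shutdown when the MAC was learned on an edge port rather than on an uplink (the uplink names are an assumption for the sample topology). Shutting an uplink would take down every host behind it, which is exactly the mistake an automated L2 mitigation has to avoid.

```python
import re

# Constructed sample output in the format of "show mac address-table dynamic"
# on a Catalyst access switch. This is not a capture from the poster's network.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/12
  10    00aa.bbcc.dd01    DYNAMIC     Gi0/1
  20    0011.2233.4466    DYNAMIC     Fa0/7
Total Mac Addresses for this criterion: 3
"""

# Assumed trunk ports toward the layer 3 backbone. A MAC learned on one of these
# belongs to a host behind another switch, so this switch must not act on it.
UPLINKS = {"Gi0/1", "Gi0/2"}

# One table row: VLAN, dotted MAC, learn type, port.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Convert any common MAC notation to Cisco dotted form (xxxx.xxxx.xxxx)."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(hexdigits[i:i + 4] for i in range(0, 12, 4))


def parse_mac_table(text):
    """Return the data rows of the MAC table; header, rule and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            vlan, mac, mtype, port = m.groups()
            entries.append(
                {"vlan": int(vlan), "mac": mac.lower(), "type": mtype.upper(), "port": port}
            )
    return entries


def locate_host(text, mac, uplinks=UPLINKS):
    """Find the port a MAC was learned on; 'edge' is False when that port is an uplink."""
    target = normalize_mac(mac)
    for entry in parse_mac_table(text):
        if entry["mac"] == target:
            return {
                "vlan": entry["vlan"],
                "port": entry["port"],
                "edge": entry["port"] not in uplinks,
            }
    return None  # not in this switch's table


def mitigation_commands(text, mac, uplinks=UPLINKS):
    """Propose an IOS port shutdown only for a host on a directly attached edge port.

    Returns None when the MAC is unknown here or was learned via an uplink,
    in which case the lookup has to be repeated on the next switch down.
    """
    hit = locate_host(text, mac, uplinks)
    if hit is None or not hit["edge"]:
        return None
    return ["configure terminal", f"interface {hit['port']}", "shutdown", "end"]


if __name__ == "__main__":
    for offender in ("00:11:22:33:44:55", "00aa.bbcc.dd01", "0000.0000.0000"):
        print(offender, "->", locate_host(SAMPLE_MAC_TABLE, offender),
              mitigation_commands(SAMPLE_MAC_TABLE, offender))
```

In practice the table would come from the switch over SSH or SNMP rather than a literal string, and the lookup has to be repeated switch by switch along the path whenever the MAC resolves to an uplink; that chasing is precisely what MARS cannot do without per-port host information from the access layer.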
