08-20-2007 05:21 AM - edited 03-09-2019 06:38 PM
Hi all
I have two layer 3 switches and two PIXes defined and active in MARS. This setup represents our backbone, with several 35xx and 36xx switches as layer 2 access switches. VLAN switching takes place in the backbone switches and is visible in MARS, where mitigation is also suggested using access lists on the layer 3 switches. This does not work, however, when the traffic doesn't leave the VLAN, for example when a user on an access switch is accessing a server on the user VLAN. As I understand from the manual, this is because MARS needs a full NAC-aware system to be able to suggest mitigation commands on the access switches. One other problem is that the access switches never report connecting MAC addresses to the MARS/syslog.
Is it possible to have MARS suggest mitigation points and commands on the access switches? Have I missed some logging command that would enable this information to reach MARS?
Regards
Fredrik Hofgren
08-24-2007 08:28 AM
I think you should check if you have given the enable password for the devices in MARS. For mitigation, the following link may help you:
http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a008072f396.html
08-24-2007 11:59 AM
That I have configured already. My problem is however that the layer 2 devices don't, and as I have understood never can, report the traffic to MARS. Thus layer 2 mitigation would be available only if you have 802.1x enabled recording the exact ports where the offending computers are connected.
Please correct me if I'm wrong here.