Cisco Support Community

Cisco Employee

CSS 11501 Out of Band Ethernet Port Security

We have connected the CSS switches to our internal network via the out-of-band management port temporarily. The CSS VIPs will be INET-facing once in production. We would like to manage the switch, syslog, and send SNMP trap information directly into our internal network via the out-of-band Ethernet interface. If the CSS switch were compromised in-band, can an attacker hop from the CSS to the out-of-band network? Since there is no default gateway once the switch is booted, we opened up the netmask and are relying on proxy ARP from the next-hop router to get to the switch.

Cisco Employee

Re: CSS 11501 Out of Band Ethernet Port Security

You mean that somebody could gain access to the CSS and from there access the rest of your network?

First, I don't see how you could gain access to the CSS. If this happens and you control everything on the CSS, I assume you could send traffic wherever you want. However, there is no telnet or SSH client on the CSS, so I don't know what you could do.

And you could not use the CSS as a router between INET and the management port, since these are separate routing tables.

