Cisco Support Community
New Member

CS-MARS and layer 2 mitigation

Hi all

I have two layer 3 switches and two PIXes defined and active in MARS. This setup represents our backbone with several 35xx and 36xx switches as layer 2 access switches. VLAN switching takes place in the backbone switches and is visible in MARS, where mitigation is also suggested using access lists on the layer 3 switches. This does however not work when the traffic doesn't leave the VLAN, for example when a user on an access switch is accessing a server on the user VLAN. As I understand from the manual, this is because MARS needs a full NAC-aware system to be able to suggest mitigation commands on the access switches. One other problem is that the access switches never report connecting MAC addresses to the MARS/syslog.

Is it possible to have MARS suggest mitigation points and commands on the access switches? Have I missed some logging command that would enable this information to reach MARS?


Fredrik Hofgren


Re: CS-MARS and layer 2 mitigation

I think you should check if you have given the enable password for the devices in MARS. For mitigation, the following link may help you

New Member

Re: CS-MARS and layer 2 mitigation

That I have configured already. My problem is however that the layer 2 devices don't, and as I have understood never can, report the traffic to MARS. Thus layer 2 mitigation would be available only if you have 802.1x enabled recording the exact ports where the offending computers are connected.

Please correct me if I'm wrong here
