
New Member

Excluding Internal Networks From Shunning.

How can I exclude internal network from getting shunned?

One more question: is the shunning on Catalyst 6500 done on particular ports?

Thanks in advance

3 REPLIES
New Member

Re: Excluding Internal Networks From Shunning.

If you put your internal network ranges into the "IP Addresses Never to Shun" configuration section, the sensor will not issue shuns for events sourced from those addresses.

Cisco Employee

Re: Excluding Internal Networks From Shunning.

As for your second question:

If the sensor is shunning on the MSFC, or is shunning with Native IOS running on the supervisor, then it will shun on router interfaces using a traditional Router ACL. The router interfaces in the MSFC would be VLAN interfaces with actual IP addresses assigned, and in Native IOS may be VLAN interfaces with IP addresses or physical interfaces with IP addresses. The shun will be applied only to packets that would have been routed through the interface.

If the sensor is shunning on the supervisor of the Cat 6500 running the traditional CatOS, then the shun will be using a VLAN ACL. The VLAN ACL is applied to the entire VLAN (instead of just the VLAN interface with an IP). All packets entering that VLAN will be tested against the VLAN ACL.

New Member

Re: Excluding Internal Networks From Shunning.

This is what I'm trying to accomplish for the shunning:

I do not want to shun if traffic coming from inside is going to another host inside the network, but I want to have it shunned if it goes to external hosts.
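
An added illustration, not part of the thread: a small Python model of the two shun mechanisms from the Cisco Employee reply and of the "never to shun" list from the first reply, on a constructed two-VLAN topology. It makes the practical consequence for the last post's goal visible: a Router ACL shun on the MSFC spares only traffic that is not routed (same VLAN), so traffic between two internal VLANs is still blocked, while the never-shun list suppresses the shun entirely, for external destinations too.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology (not from the thread): two internal VLANs behind the
# MSFC; any address outside them counts as an external host.
VLANS = {10: ip_network("10.10.0.0/24"), 20: ip_network("10.20.0.0/24")}
NEVER_SHUN = [ip_network("10.0.0.0/8")]  # constructed "IP Addresses Never to Shun" entry

def vlan_of(host):
    """VLAN number of an internal host, or None for an external address."""
    addr = ip_address(host)
    return next((v for v, net in VLANS.items() if addr in net), None)

def sensor_issues_shun(attacker, never_shun=NEVER_SHUN):
    """The sensor skips the shun when the event's source is on the never-shun list."""
    return not any(ip_address(attacker) in net for net in never_shun)

def router_acl_blocks(src, dst, shunned):
    """Shun as a Router ACL on the MSFC VLAN interface: only packets that are routed
    (source and destination in different VLANs, or to/from outside) are tested."""
    return src in shunned and vlan_of(src) != vlan_of(dst)

def vlan_acl_blocks(src, dst, shunned):
    """Shun as a VLAN ACL on a CatOS supervisor: every packet entering the VLAN is
    tested, so intra-VLAN traffic from the shunned host is dropped as well."""
    return src in shunned

def simulate(attacker, flows, never_shun=NEVER_SHUN):
    """Return {(src, dst): (racl_blocked, vacl_blocked)} for one constructed event."""
    shunned = {attacker} if sensor_issues_shun(attacker, never_shun) else set()
    return {(s, d): (router_acl_blocks(s, d, shunned), vlan_acl_blocks(s, d, shunned))
            for s, d in flows}

if __name__ == "__main__":
    flows = [("10.10.0.5", "10.10.0.9"),    # same VLAN: never routed
             ("10.10.0.5", "10.20.0.9"),    # routed between two internal VLANs
             ("10.10.0.5", "203.0.113.7")]  # routed to an external host
    # Internal source on the never-shun list: nothing is blocked in either mode.
    for flow, verdict in simulate("10.10.0.5", flows).items():
        print("never-shun", flow, verdict)
    # Same source with an empty never-shun list: the RACL spares only intra-VLAN traffic.
    for flow, verdict in simulate("10.10.0.5", flows, never_shun=[]).items():
        print("shunned   ", flow, verdict)
```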
