Excluding Internal Networks From Shunning.

s.ferreira · ‎12-15-2003

How can I exclude internal network from getting shunned?

One more question, Is the shunning on Catalyst 6500 done on particular ports?

Thanks in advanced

astuckey · ‎12-16-2003

If you put your internal network ranges into the "IP Addresses Never to Shun" configuration section, the sensor will not issues shuns for events sourced from those addresses.

marcabal · ‎12-16-2003

As for your second question.

If the sensor is shunning on the MSFC, or is shunning with Native IOS running on the supervisor, then it will shun on router interfaces using a traditional Router ACL. The router interfaces in the MSFC woudl be vlan interfaces with actual ip addresses assigned, and in Native IOS may be vlan interfaces with IP addresses or physical interfaces with ip addresses. The shun will be applied only to packets that would have been routed through the interface.

If the sensor is shunning on the supervisor of the Cat 6500 running the traditional Cat OS, then the shun will be using a Vlan ACL. The Vlan ACL is applied to the entire vlan (instead of just the vlan interface with an IP). All packets entering that vlan will be tested against the Vlan ACL.

s.ferreira · ‎12-17-2003

This is what I'm trying to accomplish for the shunning:

I do not want to shun if traffic coming from inside is going to another host inside the network, but I want to have it shunned if it goes to external hosts.