Security of a 2948G L2 switch outside of our immediate control.

mitchell_kohn
Level 1

Hi,

Can anyone tell me where to look for the syntax to apply an incoming ACL list on my 6509 switch, and/or is there a way to syslog a particular port? I only have a Sup1 module and do not have a Policy Feature Card. I do have an 8510 that does all of my VLAN routing.

The reason I am asking is that I will have a 2948G outside of my control with devices still being able to connect to my Win NT network. I disabled local console/telnet connections, including the enable ones, disabled ports which are not going to be used, and configured them with null VLAN information. I am also using Cisco Secure for authentication. We want to be able to log if the device goes offline, and we don't want anyone to be able to recover the password by turning off the power and going through the password recovery methods.

Thanks,

Mitch

Mitch Kohn

Network Administrator

3 Replies

ciscomoderator
Community Manager

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

bkganesh
Cisco Employee

I am assuming your 6509 is running CatOS. You can use VACLs to access-control traffic entering a VLAN on Catalyst 6000 switches running CatOS. You can find more details at http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/cmd_ref/setsn_su.htm#17780

However, VACLs require a Policy feature card (PFC) on the supervisor.

-Ganesh.

bsivasub
Level 4

Configuring an IP permit list would prevent unauthorized access to your Catalyst switches:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_6_3/confg_gd/ip_perm.htm

Make sure the config-register is 0x2102, which ignores the break sequence.

But if someone can physically connect to the console and do password recovery, you may have to secure the switch physically; there is nothing Cisco IOS can do.
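As an added illustration of the IP permit list and off-box logging that this reply and the original question refer to (this fragment is not from bsivasub's post or from Cisco documentation), the CatOS commands below show the default, unrestricted state next to an allow-listed one. The addresses are constructed placeholders: the assumption is that the management stations sit on 10.1.1.0/24, the SNMP manager is 10.1.1.10 and the syslog collector is 10.1.1.20.

```text
# Added example, not from the thread. All addresses are constructed placeholders.

# Weak state: with the permit list disabled, Telnet and SNMP to the switch's
# management address are accepted from any source that can reach it.
set ip permit disable

# Hardened state: allow-list management access by source address, then enable
# the list. Add the management subnet before enabling so you do not lock
# yourself out of the switch you are configuring.
set ip permit 10.1.1.0 255.255.255.0 telnet
set ip permit 10.1.1.10 snmp
set ip permit enable telnet
set ip permit enable snmp

# Send log messages to a collector on the trusted side, so a port or the whole
# remote switch going away is recorded somewhere the remote site cannot erase.
set logging timestamp enable
set logging server 10.1.1.20
set logging server severity 6
set logging server enable

# Verify the result.
show ip permit
show logging
```

The permit list only filters management sessions addressed to the switch itself; it does not filter user traffic crossing the switch, which is what the VACL answer above (and its PFC requirement) covers. The logging lines address the "log if the device goes offline" part of the question from the collector's side: a switch that stops sending syslog after a power cycle is visible as a gap on the collector, and the restart messages it emits when it comes back are timestamped there.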