The only switch that Cisco currently supports with shunning is the Catalyst 6000/6500.
NOTE: Shunning is the sensor telnetting to the device and executing commands to block an IP address. In a router the sensor creates router ACLs; in a Cat 6000 switch running Cat OS the sensor creates VLAN ACLs; in a PIX the sensor executes a "shun" command.
Do not confuse shunning with TCP Resets, in which the sensor itself sends out TCP Reset packets to reset a TCP connection.
The sensor can shun on multiple routers (see User Guide for a list of the officially supported routers) using standard IOS commands for creating router ACLs. If the lower end switches run IOS and support these same commands, then it is possible that the sensor could create router ACLs on these lower end switches. But this has not been officially tested by Cisco and is not officially supported by Cisco.
With that said, I have heard of users "unofficially" using the shun feature with lower end switches running IOS, but I am not sure which ones. If someone on the Forum has attempted this, then please respond with your experience.