Cisco Support Community

Shuns on a Switch

Can anyone tell me what is the lowest end switch a 4210 can issue shun commands to?

Cisco Employee

Re: Shuns on a Switch

The only switch that Cisco currently supports with shunning is the Catalyst 6000/6500.

NOTE: Shunning is the sensor telnetting to the device and executing commands to block an IP address. In a router the sensor creates router ACLs; in a Cat 6000 switch running CatOS the sensor creates VLAN ACLs; in a PIX the sensor executes a "shun" command.

Do not confuse shunning with TCP Resets, in which the sensor itself sends out TCP Reset packets to reset a TCP connection.

The sensor can shun on multiple routers (see the User Guide for a list of the officially supported routers) using standard IOS commands for creating router ACLs. If the lower end switches run IOS and support these same commands, then it is possible that the sensor could create router ACLs on these lower end switches. But this has not been officially tested by Cisco and is not officially supported by Cisco.

With that said, I have heard of users "unofficially" using the shun feature with lower end switches running IOS, but I am not sure which ones. If someone on the Forum has attempted this, then please respond with your experience.