Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
191
Views
0
Helpful
1
Replies

Shuns on a Switch

travis-dennis_2
Level 7
Level 7

‎02-28-2003 05:58 PM - edited ‎03-09-2019 02:19 AM

Can anyone tell me what is the lowest end switch a 4210 can issue shun commands to?

Labels:
0 Helpful
1 Reply 1

marcabal
Cisco Employee
Cisco Employee

‎03-03-2003 10:44 AM

The only switch that Cisco currently supports with shunning is the Catalyst 6000/6500.

NOTE: Shunning is the sensor telneting to the device and executing commands to block an ip address. In a router the sensor creates router acls; in a Cat 6000 switch running Cat OS the sensor creates Vlan Acls; in a Pix the sensor executes a "shun" command.

Do not confuse shunning with TCP Resets in which the sensor itself sends out TCP Reset packets to reset a TCP connection.

The sensor can shun on multiple routers (see User Guide for a list of the officially supported routers) using standard IOS commands for creating router acls. If the lower end switches run IOS and support these same commands then it is possible that the sensor could create router Acls on these lower end switches. But this has not been officially tested by Cisco and is not officially supported by Cisco.

With that said I have heard of users "unoffocially" using the shun feature with lower end switches running IOS but I am not sure which ones. If someone on the Forum has attempted this then please respond with your experience.

0 Helpful
Customers Also Viewed These Support Documents