I have searched the forums but come up empty so far. I have a 3550 colocated with 5 machines currently connected, pushing only about 20mbit 95%. I have an EtherChannel connection on the gbit uplinks to the data center's 3560. While I haven't really been noticing any strange behavior on the connected machines yet, looking at the SNMP CPU graphs is a bit disturbing when I see CPU usage hitting 70% while traffic is less than 1mbit at the time. Any help is greatly appreciated; this is my first Cisco device and I'm unsure if the switch is being attacked or there is some other misconfiguration?
Just as I was running that, the SSH process jumped up. I'm not sure if it's because I'm connected via SSH or not; however, on subsequent runs it dropped down to less than 1%.
Assuming there is nothing glaringly wrong with my switch configuration, is it safe to assume SSH is being attacked and causing the load? Would creating an ACL to only allow the connected machines to connect via SSH solve that problem? Thank you again for any help, and please excuse my ignorance; this is my first Cisco device.
Do you have a public IP on your 3550 (most probably not, but just in case...)? If I connect a router to a public IP, I immediately get a lot of SSH dictionary attacks; however, it's not burning the processor.
Actually, could be a lot of stuff - here's what comes into my mind:
You can use BPDU guard in conjunction with the PortFast feature, because it helps to prevent loops (if it sees a loop, i.e. a BPDU packet, it will shut down the port and you will get the guilty person :)).
Thank you for the reply. Yes, the switch does have public-facing IPs; it is colocated in a data center, so the first IP of every VLAN is reachable. I'm sorry for my ignorance as I've never heard of BPDU, but if it shuts down ports as you say, would this disrupt service? Also, the only MAC addresses I see are of my connected machines and the switch on the other end of the uplinks.
Generally when you connect to the switch via SSH, the CPU utilization will rise depending upon the type of activity you are performing on the switch. If you are executing any commands like "show tech" or "show run" that require the switch to push quite a bit of data to the ssh console, then the CPU util might increase to some extent. It is a better idea to block SSH access to external (internet) devices as it will protect your switch from any attacks.
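
The two measures raised in this thread (an ACL limiting who can reach the switch over SSH, and BPDU guard with PortFast on server-facing ports), as an added configuration example that is not from any poster. The 192.0.2.0/24 management range, ACL number 10 and interface FastEthernet0/1 are placeholder assumptions.

```ios
! Added example. Addresses, ACL number and interface are placeholders.
! Apply from the console, or confirm your own source address is inside
! the permitted range first, so the session is not locked out.
!
! Permit management logins only from the trusted range; log the rest.
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny   any log
!
! Bind the ACL to every VTY line and accept SSH only (no Telnet).
line vty 0 15
 access-class 10 in
 transport input ssh
!
! Server-facing access port: PortFast plus BPDU guard.
! The port is err-disabled only if a BPDU arrives on it, which a
! normal server never sends, so regular traffic is not interrupted.
interface FastEthernet0/1
 spanning-tree portfast
 spanning-tree bpduguard enable
```

`show processes cpu sorted` lists which process is consuming CPU, which helps confirm whether SSH is the source before and after the ACL is applied.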