
CSS 11501 Out of Band Ethernet Port Security

sfrisby
Cisco Employee

We have connected the CSS switches to our internal network via the out-of-band management port temporarily. The CSS VIPs will be INET facing once in production. We would like to manage the switch, syslog, and send SNMP trap information directly into our internal network via the out-of-band Ethernet interface. If the CSS switch were compromised inband, can an attacker hop from the CSS to the out-of-band network? Since there is no default gateway once the switch is booted, we opened up the netmask and are relying on proxy-arp from the next hop router to get to the switch.

1 Reply

Gilles Dufour
Cisco Employee

You mean that if somebody could gain access to the CSS and from there access the rest of your network?

First, I don't see how you could gain access to the CSS. If this happens and you control everything on the CSS, I assume you could send traffic wherever you want. However, there is no telnet or ssh client on the CSS. So, I don't know what you could do.

And you could not use the CSS as a router between INET and the management port since these are separate routing tables.

Gilles.
