Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
467
Views
0
Helpful
1
Replies

CSS 11501 Out of Band Ethernet Port Security

sfrisby
Cisco Employee
Cisco Employee

‎10-10-2003 10:16 AM

We have connected the CSS switches to our internal network via the out of band management port temporarily. The CSS VIPS will be INET facing once in production. We would like to manage the switch / syslog / and send snmp trap information directly into our internal network via the out of band ethernet interface. If the CSS switch were compromised inband – can an attacker hop from the CSS to the out of band network ? Since there is no default gateway once the switch is booted , we opened up the netmask and are relying on proxy-arp from the next hop router to get to the switch.

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎10-13-2003 04:06 AM

you mean that if somebody could gain access to the CSS and from there access the rest of your network ?

First I don't see how you could gain access to the CSS. If this happens and you control everything on the CSS, I assume you could send traffic wherever you want. However, there is no telnet or ssh client on the CSS. So, I don't know what you could do.

And you could not use the CSS as a router between INET and the management port since this are separated routing table.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card