Catalyst C3500XL - Interface Blocked Security Advisory

dennis · ‎07-29-2003

The C3500XL do run IOS but are they vulnerable to the DOS attack outlined in the Cisco July 18 Security Advisory?

If so I guees the only solution is to upgrade the IOS as they do not support ACL's as required for the work around.

Prashanth Krishnappa · ‎07-29-2003

Yes..XLs are vulnerable. The management interface could get wedged causing to loose IP connectivity to the switch.

milan.kulik · ‎07-29-2003

Wouldn't be enough to configure

access-list 101 permit tcp any any

access-list 101 permit udp any any

access-list 101 deny 53 any any

access-list 101 deny 55 any any

access-list 101 deny 77 any any

access-list 101 deny 103 any any

access-list 101 permit ip any any

interface VLANx

ip access-group 101 in

while using int VLANx as the management interface?

I've just done it on my C3548-XL running IOS 12.0(5)WC5a.

Regards,

Milan