DoS on CBS350

uuette
Level 1

Hi,

I lost access, via the console, to my CBS350 switch three days after I added MAC-layer station source addresses to the MAC address table. DoS includes attached devices not being able to receive their dynamic IPv4 addresses. As a test, when a device, like the TV, is connected directly to the router (pfSense, which serves as the gateway and DHCP server) the device is assigned an IP address and connection is established.

Is there a way to regain access without unplugging the switch? I'd like to copy the syslog for review. Also, and more importantly, how can I prevent this attack from happening again? Thanks.

Enes Simnica
Level 4

Hello. It sounds like your MAC address table modifications may have caused a forwarding disruption. Try these steps:

  1. To regain access without unplugging: Power cycle just the switch (if possible). Try accessing via SSH if the console isn't responding, and then, if you have a backup config, you could restore it.

  2. Also, to prevent future issues, make sure to implement port security to limit MAC addresses per port. Enable DHCP snooping to prevent rogue DHCP servers. Configure storm control for broadcast/multicast traffic and, as a bonus, consider 802.1X for device authentication.

And man, I'm afraid that for immediate recovery, you might need to factory reset if other access methods fail. The syslog would indeed help diagnose, but if you can't retrieve it now, consider configuring remote logging for future incidents...

Hope it helps...

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
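
The hardening controls named in the reply above (port security, DHCP snooping, storm control, remote logging), written out as a configuration fragment. This is an added example, not part of the original thread and not Cisco's own configuration; VLAN 10, the two port names, the limits and the collector address 192.0.2.10 are constructed placeholders, and the command syntax should be checked against the CLI guide for the installed firmware. 802.1X is left out because it also needs a RADIUS server.

```text
! Constructed example. Placeholders: VLAN 10, GigabitEthernet1 (uplink to the
! pfSense gateway/DHCP server), GigabitEthernet2 (access port for an end
! device), 192.0.2.10 (syslog collector).
!
! DHCP snooping: DHCP server replies are accepted only on trusted ports.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Remote logging: events are kept off-box, so they remain available when the
! console and management access are lost.
logging host 192.0.2.10
!
interface GigabitEthernet1
 description uplink-to-pfsense
 ! The only port on which DHCP server traffic is trusted.
 ip dhcp snooping trust
!
interface GigabitEthernet2
 description access-port
 switchport mode access
 switchport access vlan 10
 ! Port security: learn at most 5 source MACs, discard frames from any
 ! further address and send a trap at most once every 60 seconds.
 port security mode max-addresses
 port security max 5
 port security discard trap 60
 ! Storm control: cap broadcast and multicast at 10% of port bandwidth.
 storm-control broadcast level 10
 storm-control multicast level 10
```

Apply the access-port block to each end-device port and leave every port other than the uplink untrusted for DHCP snooping.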