Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
868
Views
0
Helpful
1
Replies

Faulty Switch SLM2048

albertoathelia2012
Level 1
Level 1

‎11-13-2012 03:12 AM

    Hello.

serius

     Recently, our enterprise hired a security auditor, and we found a several issue with 2 SLM 2048 we have on our office.

     As it can read on here, https://supportforums.cisco.com/message/3402650#3402650 and here https://supportforums.cisco.com/message/3104265#3104265 . I have the same problems, dead ports that gets revived after a reboot, and the most worrying, after some hours or days, starts sending all traffic, to all ports.

     The auditor, in less than an hour, taked all the usernames and passwords of our users e-mail, among other things sniffing with wireshark.

     This is a very serious issue, with big security implications. And we have two identical units with the same problem. Yes, i know if i restart the switch, the issue disappears, but only for a few days if not hours. And not very professional, don't you think? Looking on the website, i found that this product is discontinued, and will not have more updates.

      I need a solution, already tryed to start a live support chat, but tells me that nobody is available, and try again in bussines hours. Don't understand, because now its 12:08 PM  here on Spain, and 12 in the morning, here is a bussines hour.

Labels:
0 Helpful
1 Reply 1

David Hornstein
Level 7
Level 7

‎11-20-2012 01:33 PM

Hello Alberto,

The feature to allow the auditor to see your email accounts ajnd passwords via wireshark is called port mirroring..

It is not a security vulnerability, as just about every managed switch has that ability.  This ability is needed for some security applications as well as diagnosing network issues.  Port mirroring can be a security violation , when used by the auditor in such as way. He could only mirror the port locally.

You have an option to tie down access to the management interface of the switch via the following tab on a replacement switch. See screen caoture below;

There are however more security options in the SG300-52 (order p/n SRW2048-K9-EU)  or you can replace your old switch with it's replacement  SG200-50 (order p/n   SLM2048T )

Still worthwhile  seeing if your old switch is still under  under warranty, if it is,  why not call the support folks.  Here is a URL that shows a local number for spain.

http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html

I hope this helps.

regards Dave

0 Helpful
Customers Also Viewed These Support Documents