VA Scan do using console

MrBeginner

Hi,

I am not familiar with VA scan.

Our switch doesn't have a management IP and SSH is not turned on.

I just want to know: can a VA scan be done using the console? Or, if the switch doesn't have an IP and SSH access, can VA not be done?

What kind of information can I give them for the VA scan?

@MrBeginner when you say VA scan, are you referring to a Vulnerability Assessment scan?

How do you connect to the switch remotely? If the switch has an IP address then a VA scan can be run against the device; the switch does not necessarily need a dedicated management interface IP.

You would just give them the IP address and they would scan the IP address to determine what protocols are open on the device. Ideally you would lock down the device, disable insecure protocols (Telnet, HTTP, etc.) and use SSH with a VTY ACL at a minimum.

Hi,

My switch doesn't have a management IP. I use local console access.

So I just want to know: if we are using local console access only, do we still need to do a VA test?

Can a VA test be done on the management IP only?

@MrBeginner

If there is no IP address at all then there is nothing to scan, so no point.

If you do wish to assign an IP address in future, use a VTY line access-list to restrict management access from trusted networks/IP addresses. If the VA scan was performed from a network/IP address not defined in that ACL, they'd be denied access.
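
One way to check a saved switch configuration against the advice in this thread (a VTY ACL, SSH as the only remote transport, HTTP disabled), as an added example that is not part of any reply. The two config excerpts, the ACL name `MGMT-HOSTS` and the 192.0.2.0/24 network are constructed for illustration.

```python
import re

# Constructed sample running-config excerpts (not taken from the thread).
WEAK = """\
ip http server
line vty 0 4
 login local
 transport input telnet ssh
"""
HARDENED = """\
no ip http server
ip access-list standard MGMT-HOSTS
 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class MGMT-HOSTS in
 login local
 transport input ssh
"""

def audit(config):
    """Return findings for remote-management exposure in an IOS-style config."""
    findings = []
    vty = None      # header of the 'line vty' block being read, if any
    sub = []        # sub-commands collected for that block

    def close_block():
        if vty is None:
            return
        if not any(re.match(r"access-class \S+ in\b", c) for c in sub):
            findings.append(f"{vty}: no inbound access-class (VTY ACL)")
        transport = [c for c in sub if c.startswith("transport input")]
        # With no explicit line the platform default applies; flag it for review.
        allowed = transport[-1].split()[2:] if transport else ["(platform default)"]
        if allowed != ["ssh"]:
            findings.append(f"{vty}: transport input is {' '.join(allowed)}, not ssh only")

    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace():            # indented: sub-command of the current block
            if vty is not None:
                sub.append(line)
            continue
        close_block()                    # a top-level line ends any open vty block
        vty, sub = None, []
        if line.startswith("line vty"):
            vty = line
        elif line == "ip http server":
            findings.append(f"{line}: web management enabled")
    close_block()
    return findings
```

`audit(WEAK)` reports the HTTP server, the missing VTY ACL and the Telnet transport; `audit(HARDENED)` returns an empty list.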

 

 
