09-24-2021 03:22 AM
Hi,
I am not familiar with VA scan.
Our switch doesn't have a management IP and SSH is not turned on.
I just want to know: is a VA scan done using the console? Or, if the switch doesn't have an IP and SSH access, can a VA scan not be done?
What kind of information can I give them for the VA scan?
09-27-2021 07:45 AM
If there is no IP address at all then there is nothing to scan, so no point.
If you do wish to assign an IP address in future, use a VTY line access-list to restrict management access from trusted networks/IP addresses. If the VA scan was performed from a network/IP address not defined in that ACL, they'd be denied access.
09-24-2021 03:34 AM
@MrBeginner when you say VA scan are you referring to Vulnerability Assessment scan?
How do you connect to the switch remotely? If the switch has an IP address then a VA scan can be run against the device, the switch does not necessarily need a dedicated management interface IP.
You would just give them the IP address and they would scan the IP address to determine what protocols are open on the device. Ideally you would lock down the device, disable insecure protocols (telnet, http etc) and use SSH with a VTY ACL minimum.
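An added example, not part of the original replies: a small Python check that reads an IOS-style running configuration and flags the items mentioned above (no VTY ACL, Telnet allowed on the VTY lines, HTTP server enabled). The sample configs, the ACL name MGMT-ACCESS and the 192.0.2.0/24 management range are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from any real device).
WEAK = """\
ip http server
line vty 0 4
 transport input telnet ssh
 login local
"""
HARDENED = """\
no ip http server
ip access-list standard MGMT-ACCESS
 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class MGMT-ACCESS in
 transport input ssh
 login local
line vty 5 15
 access-class MGMT-ACCESS in
 transport input ssh
"""

def audit(config):
    """Return a list of findings for VTY and HTTP management exposure."""
    findings = []
    section = None   # current "line vty ..." header, if any
    vty = {}         # header -> list of sub-commands under it
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):  # top-level command ends any section
            section = line if line.startswith("line vty") else None
            if section:
                vty[section] = []
            if re.fullmatch(r"ip http server", line):
                findings.append("global: ip http server is enabled")
        elif section:
            vty[section].append(line.strip())
    for header, cmds in vty.items():
        if not any(re.match(r"access-class \S+ in\b", c) for c in cmds):
            findings.append(f"{header}: no inbound access-class (VTY ACL)")
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transports:
            findings.append(f"{header}: no explicit 'transport input ssh'")
        elif transports[-1] != ["ssh"]:
            findings.append(f"{header}: transport input allows {' '.join(transports[-1])}")
    return findings
```

Running `audit()` on a saved copy of the running configuration before handing the IP address to the scanning team shows which management-plane findings the scan is likely to report.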
09-27-2021 07:39 AM
Hi,
My switch doesn't have a management IP. I use local console access.
So I just want to know: if we are using local console access only, do we still need to do a VA test?
Can a VA test be done on a management IP only?