Table of Contents
Advertisement
Layer 2 Path and Mitigation Configuration Example
Network Diagram
This section uses the network setup shown in the
Figure 19-14
Cisco CatOS 5000
Mitigation uses the Layer 2 path data obtained via SNMP or Telnet protocol to download a mitigation
command from the MARS to the device. The Layer 2 path is based on MAC addresses, the Layer 2
forwarding table, and the Layer 3 path. MAC addresses and the Layer 2 forwarding table are obtained
using SNMP.
To make the Layer 2 path and mitigation work correctly:
•
•
L2 devices must be added manually; there is no automatic discovery for these devices. Make sure all the
Note
L2 devices (switches) have the SNMP RO community strings specified in the web interface, even if the
access type is not SNMP. The SNMP RO community string is always required on Layer 2 devices for L2
mitigation.
•
User Guide for Cisco Security MARS Local Controller
19-18
Network Setup
switch
The associated routers must be discovered via SNMP or a combination of SNMP and Telnet,
including the MSFC module in the Catalyst switch.
The SNMP community string is necessary for L2 switches to be discovered
If the switches are interconnected, make sure STP (Spanning Tree Protocol) is enabled and
configured on them.
Chapter 19
Figure
19-14.
Cisco PIX Firewall
(firewall)
Cisco 7500 Router
(MainRouter)
Cisco CatOS 6500
switch (CatSw)
Cisco CatOS 5000
switch
Security
appliance
Incident Investigation and Mitigation
Internet
Cisco CatOS 5000
switch (KittenSw)
!
Infected
host
78-17020-01
Advertisement
Table of Contents
Troubleshooting
