  • Status: Solved

Dynamic ARP Inspection on Cisco 2950?

Hey all,

We're trying to complete some compliance testing at our local office and have run into a little problem:

In order to pass certain internal pen tests we need to have Dynamic ARP Inspection enabled on our internal switches to prevent man in the middle style attacks.

However, although I thought our switches could accommodate this feature it seems now they may not. Does anyone know how to enable DAI on a Cisco 2950 or how to enable a similar feature that will help accomplish the task of thwarting these styles of attacks?

Any and all help is greatly appreciated!!!
0
Asked: Telecomm
3 Solutions
 
bsohn417 Commented:
The 2950 doesn't support it.
0
 
Istvan Kalmar Commented:
Hi,

I regret to tell you, but it is not a feature on the 2950; it was introduced on the 4500:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/dynarp.html

Best regards,
Istvan
0
 
Telecomm (Author) Commented:
So there is nothing at all that can be done with a 2950 to help prevent this style of internal attack?
0
 
Istvan Kalmar Commented:
You have the following security features:

- Port security
- DHCP snooping
- Storm Control
- BPDU Guard
0
 
Istvan Kalmar Commented:
but to prevent DAI there is no feature.....
0
 
Telecomm (Author) Commented:
The only objective I need to really complete is to increase security against man in the middle style attacks.

Is there anything I can do with my current 2950s to reach this goal (combo of DHCP Snooping and?).

I'm just trying to reach a compliant state without having to go and spend thousands of dollars on new LAN switches....

Thanks.
0
 
bsohn417 Commented:
0
 
Telecomm (Author) Commented:
Thanks!
0
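
To show what the thread is asking for, the Python below is an added example (not code from any poster or from Cisco) that models the check Dynamic ARP Inspection performs: on untrusted ports, an ARP packet's sender IP/MAC pair must match the DHCP snooping binding table or a static ARP ACL entry. The class and function names and every address are constructed for illustration, and the model covers only permit entries and the binding lookup.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:              # one row of a DHCP snooping binding table
    mac: str
    ip: str
    vlan: int

@dataclass(frozen=True)
class Arp:                  # fields of an ARP packet as seen on a switch port
    sender_mac: str
    sender_ip: str
    vlan: int
    port: str

def inspect_arp(arp, bindings, trusted_ports, static_acl=frozenset()):
    """Return (verdict, reason) for one ARP packet (simplified DAI model)."""
    mac = arp.sender_mac.lower()
    if arp.port in trusted_ports:
        return "permit", "trusted port, not inspected"
    # Hosts with static addresses never appear in the DHCP table, so they
    # need an explicit (ip, mac) entry; it is consulted before the bindings.
    if (arp.sender_ip, mac) in static_acl:
        return "permit", "static ARP ACL entry"
    for b in bindings:
        if b.ip == arp.sender_ip and b.vlan == arp.vlan:
            if b.mac.lower() == mac:
                return "permit", "matches DHCP snooping binding"
            return "drop", f"{arp.sender_ip} is leased to {b.mac}"
    return "drop", "no binding for sender IP"

# Constructed sample data: documentation IP range and documentation MAC prefix.
BINDINGS = [
    Binding("00:00:5e:00:53:0a", "192.0.2.10", 10),   # host A
    Binding("00:00:5e:00:53:0b", "192.0.2.11", 10),   # host B
]
TRUSTED = {"Fa0/24"}                                  # uplink toward the router

def demo():
    packets = [
        Arp("00:00:5e:00:53:0a", "192.0.2.10", 10, "Fa0/1"),   # honest host A
        Arp("00:00:5e:00:53:0b", "192.0.2.10", 10, "Fa0/2"),   # B claims A's IP
        Arp("00:00:5e:00:53:0b", "192.0.2.1", 10, "Fa0/2"),    # B claims gateway
        Arp("00:00:5e:00:53:01", "192.0.2.1", 10, "Fa0/24"),   # real gateway
    ]
    return [inspect_arp(p, BINDINGS, TRUSTED)[0] for p in packets]

if __name__ == "__main__":
    print(demo())
```
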
