• Status: Solved

Dynamic ARP Inspection on Cisco 2950?

Hey all,

We're trying to complete some compliance testing at our local office and have run into a little problem:

In order to pass certain internal pen tests, we need to have Dynamic ARP Inspection enabled on our internal switches to prevent man-in-the-middle style attacks.

However, although I thought our switches could accommodate this feature, it seems now they may not. Does anyone know how to enable DAI on a Cisco 2950, or how to enable a similar feature that will help accomplish the task of thwarting these styles of attacks?

Any and all help is greatly appreciated!!!
Asked:
Telecomm
3 Solutions
 
bsohn417 Commented:
The 2950 doesn't support it.
 
Istvan Kalmar, Head of IT Security Division, Commented:
Hi

I regret to tell you, but it is not a feature on the 2950; it is introduced on the 4500:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/dynarp.html

Best regards,
Istvan
 
Telecomm (Author) Commented:
So there is nothing at all that can be done with a 2950 to help prevent this style of internal attack?
 
Istvan Kalmar, Head of IT Security Division, Commented:
You have the following security features:

- port security
- DHCP snooping
- Storm Control
- BPDU Guard
 
Istvan Kalmar, Head of IT Security Division, Commented:
but to prevent DAI there is no feature.....
 
Telecomm (Author) Commented:
The only objective I really need to complete is to increase security against man-in-the-middle style attacks.

Is there anything I can do with my current 2950s to reach this goal (combo of DHCP Snooping and?).

I'm just trying to reach a compliant state without having to go and spend thousands of dollars on new LAN switches....

Thanks.
 
bsohn417 Commented:
 
Telecomm (Author) Commented:
Thanks!