Dynamic ARP Inspection on Cisco 2950?
Hey all,
We're trying to complete some compliance testing at our local office and have run into a little problem:
In order to pass certain internal pen tests we need to have Dynamic ARP Inspection enabled on our internal switches to prevent man in the middle style attacks.
However, although I thought our switches could accommodate this feature it seems now they may not. Does anyone know how to enable DAI on a Cisco 2950 or how to enable a similar feature that will help accomplish the task of thwarting these styles of attacks?
Any and all help is greatly appreciated!!!
2950 doesn't support
Hi
I regret to tell you, but it is not a feature on the 2950; it is introduced on the 4500:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/dynarp.html
Best regards,
Istvan
ASKER
So there is nothing at all that can be done with a 2950 to help prevent this style of internal attack?
ASKER CERTIFIED SOLUTION
but to prevent DAI there is no feature.....
ASKER
The only objective I need to really complete is to increase security against man in the middle style attacks.
Is there anything I can do with my current 2950's to reach this goal (combo of DHCP Snooping and?).
I'm just trying to reach a compliant state without having to go and spend thousands of dollars on new LAN switches....
Thanks.
ASKER
Thanks!