Difference between revisions of "MAC address flooding"

From Teknologisk videncenter

Latest revision as of 13:04, 11 September 2012

What is MAC address flooding

MAC address flooding is an attack in which the attacker sends frames with random source MAC addresses to the switch, flooding its MAC address table. Once the CAM (Content Addressable Memory) is full, the switch can no longer learn new addresses, and frames from valid hosts to destinations that are not in the table are flooded out of all ports, including the attacker's.

Protecting against MAC Address flooding

Protection is configured on a per-port basis with port security.

Example

Up to five MAC addresses are allowed on user ports. The three variants below differ only in what happens when a sixth address appears on a port.

Port shutdown

If you want the port to go into err-disabled when more than five MAC addresses are seen on it, use:

Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation shutdown

Allow legal traffic and discard the rest. No logging

If you want the port to keep forwarding traffic from the first five MAC addresses, discard traffic from any further addresses, and not log the attempt to use more than five MAC addresses, use:

Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation protect

Allow legal traffic and discard the rest. SNMP trap logging

If you want the port to keep forwarding traffic from the first five MAC addresses, discard traffic from any further addresses, and log the attempt to use more than five MAC addresses (SNMP traps are sent), use:

Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation restrict
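As an added example (not from the wiki page or Cisco code), the following Python model shows why a full CAM table turns the switch into a hub and what each of the three violation modes above does with a new address beyond the per-port maximum. The CAM capacity, port numbers and MAC addresses are constructed.

```python
"""Constructed model of a switch CAM table with Cisco-style port security
(teaching example, not the wiki's or Cisco's code; all values are made up)."""
from dataclasses import dataclass, field
from typing import Optional

FLOOD = "flood"  # unknown unicast: the frame is copied to every other port


@dataclass
class Switch:
    cam_capacity: int
    maximum: Optional[int] = None  # port-security maximum; None = feature off
    violation: str = "shutdown"    # "protect" | "restrict" | "shutdown"
    cam: dict = field(default_factory=dict)         # MAC -> port
    err_disabled: set = field(default_factory=set)
    violations: dict = field(default_factory=dict)  # port -> count (restrict)
    traps: list = field(default_factory=list)       # what SNMP/syslog would see

    def learned_on(self, port):
        return sum(1 for p in self.cam.values() if p == port)

    def receive(self, port, src, dst):
        """Learn src, then return where dst goes: a port, FLOOD, or None (dropped)."""
        if port in self.err_disabled:
            return None
        if (self.maximum is not None and src not in self.cam
                and self.learned_on(port) >= self.maximum):
            # A new address beyond the maximum is a violation; every mode drops it.
            if self.violation == "shutdown":
                self.err_disabled.add(port)
                self.traps.append(f"port {port} err-disabled")
            elif self.violation == "restrict":
                self.violations[port] = self.violations.get(port, 0) + 1
                self.traps.append(f"violation on port {port} by {src}")
            return None  # "protect" drops silently
        if src in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src] = port  # a full CAM cannot learn new hosts at all
        out = self.cam.get(dst)
        return FLOOD if out is None else (None if out == port else out)


def demo(maximum=None, violation="shutdown", bogus=200):
    """Host B on port 2; a burst of bogus sources on port 1; then host C on
    port 3 speaks for the first time and B replies. Returns (decision, switch)."""
    sw = Switch(cam_capacity=100, maximum=maximum, violation=violation)
    B, C, BCAST = "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03", "ff:ff:ff:ff:ff:ff"
    sw.receive(2, B, BCAST)
    for i in range(bogus):
        sw.receive(1, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", BCAST)
    sw.receive(3, C, B)
    return sw.receive(2, B, C), sw  # FLOOD without port security, port 3 with it
```

Without port security the bogus sources fill the CAM before host C is ever learned, so B's reply to C is flooded out of every port; with `maximum 5` the port learns only five addresses and the reply is delivered to port 3 alone, the modes differing only in whether the excess is dropped silently, counted and trapped, or err-disables the port.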