MAC address flooding
Latest revision as of 13:04, 11 September 2012
What is MAC address flooding
MAC address flooding is an attack in which the attacker sends a stream of frames to the switch, each with a different (typically random) source MAC address, so that the switch learns a fake entry for every one of them. The CAM (Content Addressable Memory) table that holds the MAC-address-to-port mappings has a fixed size; once it is full the switch can no longer learn the addresses of legitimate hosts, and frames destined for those hosts are treated as unknown unicast and flooded out of every port in the VLAN. The switch then behaves like a hub, and the attacker's port receives traffic that should have been switched only to its real destination.
Protecting against MAC Address flooding
Protection is configured per port with port security, which caps the number of source MAC addresses the switch will accept on an access port and defines what happens when that cap is exceeded (the violation mode).
Example
In the examples below, up to five MAC addresses are allowed on each user port, FastEthernet 0/1 through 0/24, and the three variants differ only in the violation mode.
Port shutdown
If you want the port to go into the err-disabled state (shut down) as soon as a sixth MAC address is seen on it, use the shutdown violation mode (this is also the default mode). Port security must be enabled explicitly and the port must be a static access port, otherwise the maximum and violation settings have no effect:
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation shutdown
An err-disabled port stays down, and its legitimate users stay offline, until an administrator bounces it with shutdown and no shutdown or err-disable recovery is enabled for the port-security violation cause; this makes the mode the most secure but also the easiest to turn into a denial of service against a shared port.
Allow legitimate traffic and discard the rest. No logging
If you want the port to keep forwarding traffic from the first five MAC addresses and silently drop frames from any further source address, without counting or logging the violation, use the protect mode:
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation protect
Because protect mode increments no violation counter and raises no syslog message or SNMP trap, a flooding attempt against such a port leaves no trace on the switch; use it only where logging is genuinely unwanted.
Allow legitimate traffic and discard the rest. SNMP trap logging
If you want the port to keep forwarding traffic from the first five MAC addresses, drop frames from any further source address, and record the attempt, use the restrict mode. Each dropped frame increments the port's violation counter and generates a syslog message and an SNMP trap (traps are only sent if the switch has SNMP port-security traps enabled):
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation restrict
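The behaviour described on this page, a flooded CAM table and the three port-security violation modes, as an added example that is not from the original page or from Cisco: a small Python model of a switch with a fixed-size MAC table and per-port port security. The CAM capacity of 64 entries, the port numbers, the attacker's frame count and the host MAC addresses are constructed assumptions; real tables hold thousands of entries and age entries out, which the model omits (the attacker here fills the table before the victims' addresses are learned, as happens after an aging timeout or at link-up). The run shows that without port security the attacker's port receives every frame between hosts A and B, and that with a maximum of five addresses the attacker is cut off in all three modes, which differ only in whether the port is err-disabled and whether violations are counted and trapped.

```python
"""Toy model of a switch CAM table under MAC address flooding, with and
without port security. Added example, not code from the original page.
Capacity (64 entries), ports 1-3 and the MAC addresses are assumptions."""
import random
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def random_mac():
    """Random locally administered unicast MAC, as a flooding tool would send."""
    first = (random.randrange(256) | 0x02) & 0xFE  # local bit set, multicast bit clear
    rest = [random.randrange(256) for _ in range(5)]
    return ":".join(f"{b:02x}" for b in [first] + rest)


class Switch:
    def __init__(self, ports, cam_capacity, ps_max=None, ps_mode="shutdown"):
        if ps_mode not in ("shutdown", "restrict", "protect"):
            raise ValueError("unknown violation mode: " + ps_mode)
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.cam = OrderedDict()                  # mac -> port
        self.ps_max = ps_max                      # None: port security disabled
        self.ps_mode = ps_mode
        self.secure = {p: set() for p in ports}   # secure MACs learned per port
        self.err_disabled = set()
        self.violations = {p: 0 for p in ports}   # per-port violation counter
        self.traps = []                           # SNMP trap / syslog lines

    def _learn(self, src, port):
        if src in self.cam:
            self.cam[src] = port
            return
        if len(self.cam) >= self.cam_capacity:
            return  # table full: new addresses are simply not learned
        self.cam[src] = port

    def _port_security_allows(self, src, port):
        if self.ps_max is None:
            return True
        known = self.secure[port]
        if src in known:
            return True
        if len(known) < self.ps_max:
            known.add(src)
            return True
        # Too many addresses on this port: react according to the violation mode.
        if self.ps_mode == "shutdown":
            self.err_disabled.add(port)
            self.violations[port] += 1
            self.traps.append(f"psecure-violation port {port} src {src}: err-disabled")
        elif self.ps_mode == "restrict":
            self.violations[port] += 1
            self.traps.append(f"psecure-violation port {port} src {src}")
        # "protect" drops silently: no counter, no trap.
        return False

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of egress ports."""
        if in_port in self.err_disabled:
            return []
        if not self._port_security_allows(src, in_port):
            return []
        self._learn(src, in_port)
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return [] if out == in_port else [out]
        # Unknown unicast or broadcast: flood to every other active port.
        return [p for p in self.ports if p != in_port and p not in self.err_disabled]


def run_flood_demo(mode=None, n_fake=100, seed=1):
    """Attacker on port 3 sends n_fake frames with random source and destination;
    then host A (port 1) and host B (port 2) exchange frames. Returns where each
    frame went plus the port-security state of the attacker's port."""
    random.seed(seed)
    sw = Switch(ports=[1, 2, 3], cam_capacity=64,
                ps_max=None if mode is None else 5,
                ps_mode=mode or "shutdown")
    for _ in range(n_fake):
        sw.receive(3, random_mac(), random_mac())
    mac_a, mac_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"   # constructed hosts
    return {
        "cam_entries": len(sw.cam),                 # entries left after the flood
        "a_to_b": sw.receive(1, mac_a, mac_b),      # B not yet learned: flooded
        "b_to_a": sw.receive(2, mac_b, mac_a),      # A known only if it was learned
        "a_to_b_again": sw.receive(1, mac_a, mac_b),
        "err_disabled": sorted(sw.err_disabled),
        "violations": sw.violations[3],
        "traps": len(sw.traps),
    }


if __name__ == "__main__":
    for m in (None, "shutdown", "restrict", "protect"):
        print(m or "no port security", run_flood_demo(m))
```

Without port security the table holds only the attacker's 64 fake entries, A and B can never be learned, and every frame between them is flooded to port 3. With restrict or protect the first frame from A to B is still flooded to the attacker's port because B has not been learned yet; that is ordinary unknown-unicast flooding, and once B replies the conversation is switched to the right port only. Shutdown removes the attacker's port from the flood set entirely, at the cost of taking that port down.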