Difference between revisions of "MAC address flooding"

From Teknologisk videncenter
= What is MAC address flooding =

MAC address flooding is an attack where the attacker sends large numbers of frames with random ''source MAC addresses'' to the switch, flooding the switch's MAC address table. When the CAM (Content Addressable Memory) table is full, the switch can no longer learn new addresses, so frames for valid hosts are flooded out of all ports in the VLAN, where the attacker can capture traffic the switch would normally deliver only to the destination port.

= Protecting against MAC Address flooding =

Protection is configured per port with ''port security'', which limits the number of source MAC addresses a port may learn and defines what happens when that limit is exceeded.

== Example ==

Up to five MAC addresses are allowed on each user port.

=== Port shutdown ===

If you want the port to go into '''err-disabled''' when more than five MAC addresses are seen on it (an err-disabled port stays down until an administrator re-enables it):

<pre>
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation shutdown
</pre>

=== Allow legal traffic and discard rest. No logging ===

If you want the port to stay up, keep forwarding traffic from the first five MAC addresses and silently drop frames from any further ones, without logging the violation:

<pre>
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation protect
</pre>

=== Allow legal traffic and discard rest. SNMP trap logging ===

If you want the port to stay up and drop frames from MAC addresses beyond the first five, while counting the violations and sending an SNMP trap and syslog message:

<pre>
Switch(config)# interface range fastethernet 0/1 - 24
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport port-security
Switch(config-if-range)# switchport port-security maximum 5
Switch(config-if-range)# switchport port-security violation restrict
</pre>
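The three configurations above only protect a port when port security is actually enabled and the maximum and violation mode match the intended policy, which is easy to get wrong across a range of ports. The following script is an added example, not part of the wiki page or of Cisco IOS: it parses a constructed ''show running-config'' excerpt, checks every access port against the five-address policy, and reports ports where port security is missing, where no explicit maximum is set (the IOS default is one secure address) or where the ''protect'' mode would drop frames without any logging. The interface names and configuration text in <code>SAMPLE_RUNNING_CONFIG</code> are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt of "show running-config" output for illustration only;
# it is not taken from the wiki page or from a real switch.
SAMPLE_RUNNING_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 5
 switchport port-security violation shutdown
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

MAX_PATTERN = re.compile(r"switchport port-security maximum (\d+)")
VIOLATION_PATTERN = re.compile(r"switchport port-security violation (shutdown|protect|restrict)")


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Split running-config text into {interface name: [its sub-commands]}."""
    interfaces: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any top-level command ends the interface block
    return interfaces


def audit_port_security(config: str, max_allowed: int = 5) -> Dict[str, List[str]]:
    """Return {interface: [findings]} for access ports that do not meet the policy.

    Only access ports are checked; trunks and uplinks are outside the user-port
    policy described on the page. IOS defaults assumed: maximum 1 secure address
    and violation mode shutdown when they are not configured explicitly.
    """
    findings: Dict[str, List[str]] = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue
        issues: List[str] = []
        # Without the bare enable command, maximum/violation lines have no effect.
        if "switchport port-security" not in cmds:
            issues.append("port-security not enabled: maximum/violation settings are inert")
        maximum: Optional[int] = None
        violation = "shutdown"
        for cmd in cmds:
            if m := MAX_PATTERN.fullmatch(cmd):
                maximum = int(m.group(1))
            elif m := VIOLATION_PATTERN.fullmatch(cmd):
                violation = m.group(1)
        if maximum is None:
            issues.append("no explicit maximum (IOS default is 1 secure address)")
        elif maximum > max_allowed:
            issues.append(f"maximum {maximum} exceeds policy limit of {max_allowed}")
        if violation == "protect":
            issues.append("violation mode protect drops silently: no trap or syslog on violation")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_port_security(SAMPLE_RUNNING_CONFIG).items():
        print(port)
        for issue in issues:
            print("  -", issue)
```

Running the script on the sample reports FastEthernet0/2 (port security never enabled, so its maximum and violation lines do nothing) and FastEthernet0/3 (enabled but left at the default of one address); FastEthernet0/1 passes and the trunk is skipped. On a real switch you would feed it the saved output of ''show running-config'' instead of the constructed sample.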
 
[[Category:Cisco]][[Category:CCNA]][[Category:CCNP]][[Category:IOS]][[Category:Network]][[Category:CCNP3]]
 
Revision as of 19:15, 7 May 2009