Difference between revisions of "MAC address flooding"

From Teknologisk videncenter
Jump to: navigation, search
m
m (What is MAC address flooding)
Line 1: Line 1:
 
= What is MAC address flooding =
 
= What is MAC address flooding =
MAC address flooding is an attack where the attacker sends lots of frames to the switch with random ''source MAC addresses'' and flooding the MAC-address table in the switch. The CAM - Content Addressable Memory - gets full, and frames from valid hosts are flooded out of all ports.
+
MAC address flooding is an attack where the attacker sends frames to the switch with random ''source MAC addresses'' and flooding the MAC-address table in the switch. The CAM - Content Addressable Memory - gets full, and frames from valid hosts are flooded out of all ports.
 +
 
 
= Protecting against MAC Address flooding =
 
= Protecting against MAC Address flooding =
 
Is done on a port basis.
 
Is done on a port basis.

Revision as of 05:34, 9 May 2009

What is MAC address flooding

MAC address flooding is an attack where the attacker sends frames to the switch with random source MAC addresses and flooding the MAC-address table in the switch. The CAM - Content Addressable Memory - gets full, and frames from valid hosts are flooded out of all ports.

Protecting against MAC Address flooding

Is done on a port basis.

Example

Up to five MAC address are allowed on user ports.

Port shutdown

If you want the port to go in err-disabled if more than five MAC-addresses are seen on the port

Switch(config)# interface fastethernet 0/1 - 24
Switch(config-if)switchport port-security maximum 5
Switch(config-if)switchport port-security violation shutdown

Allow legal traffic and discard rest. No logging

If you want the port continue forwarding traffic from five MAC-addresses and discard remaining traffic and you don't want to log the attempt to use more than five MAC-addresses, use:

Switch(config)# interface fastethernet 0/1 - 24
Switch(config-if)switchport port-security maximum 5
Switch(config-if)switchport port-security violation protect

Allow legal traffic and discard rest. SNMP trap logging

If you want the port continue forwarding traffic from five MAC-addresses and discard remaining traffic and you want to log the attempt to use more than five MAC-addresses. SNMP traps are sent, use:

Switch(config)# interface fastethernet 0/1 - 24
Switch(config-if)switchport port-security maximum 5
Switch(config-if)switchport port-security violation restrict


</pre>