OmniSecuSW1(config-if)#switchport port-security mac-address ? The default number of known secure MAC addresses is one. Sticky MAC addresses ("switchport port-security mac-address sticky") will allow us to enter dynamically learned MAC addresses to running config. We can do this by either hardcoding the MAC addresses of known devices (statically define the known MAC addresses) or configure "sticky" MAC Address. OmniSecuSW1(config-if)#switchport port-security maximum ?ģ) Define the MAC Addresses of known devices, which are going to access the network via that interface. Remember, it is possible that more that one genuine devices are connected to a switch interface (Example: a phone and a computer). OmniSecuSW1(config-if)#switchport port-securityĢ) Specify a maximum number of MAC addresses allowed on that interface. "switchport port-security" (at interface configuration mode) command can be used to enables Port Security. This goal is achieved by the following settings, which are related with a switch interface.ġ) Enable Port Security Feature. The goal of Port Security is to prevent a network attacker from sending large number of Ethernet Frames with forged fake source MAC addresses to a Switch interface. Port security feature is meant for access ports and it will not work on trunk ports, Ether-channel ports or SPAN (Switch Port Analyzer) ports. DHCP starvation attacks can result in depletion of available IP addresses in DHCP Server scope. Port security feature can also protect the switch from DHCP starvation attacks, where a client start flooding the network with very large number of DHCP requests, each using a different source MAC address. Port Security feature can protect the switch from MAC flooding attacks. #Mitigate mac address flooding on all cisco devices for mac#MAC flooding attack can soon drain the memory resources allocated for MAC address table and later the switch will start behaving like a network Hub. MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with very large number of Ethernet frames with different fake source MAC address. Before continuing, visit the following link to learn more about MAC flooding attack
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |