Before continuing, visit the following link to learn more about MAC flooding attack.

MAC address flooding attack (CAM table flooding attack) is a type of network attack in which an attacker connected to a switch port floods the switch interface with a very large number of Ethernet frames, each carrying a different forged source MAC address. A MAC flooding attack can quickly exhaust the memory allocated for the MAC address table, after which the switch starts behaving like a network hub.

The Port Security feature can protect the switch from MAC flooding attacks. Port Security can also protect the switch from DHCP starvation attacks, where a client floods the network with a very large number of DHCP requests, each using a different source MAC address. DHCP starvation attacks can result in the depletion of the available IP addresses in the DHCP server scope. Port Security is meant for access ports; it does not work on trunk ports, EtherChannel ports or SPAN (Switched Port Analyzer) ports.

The goal of Port Security is to prevent a network attacker from sending a large number of Ethernet frames with forged source MAC addresses to a switch interface. This goal is achieved by the following settings, which are applied to a switch interface.

1) Enable the Port Security feature. The "switchport port-security" command (in interface configuration mode) enables Port Security.

OmniSecuSW1(config-if)#switchport port-security

2) Specify the maximum number of MAC addresses allowed on that interface. Remember that more than one genuine device may be connected to a switch interface (for example, a phone and a computer).

OmniSecuSW1(config-if)#switchport port-security maximum ?

3) Define the MAC addresses of the known devices that are going to access the network via that interface. We can do this either by hardcoding the MAC addresses of the known devices (statically defining the known MAC addresses) or by configuring "sticky" MAC addresses. Sticky MAC addresses ("switchport port-security mac-address sticky") allow the switch to enter dynamically learned MAC addresses into the running config. The default number of secure MAC addresses is one.

OmniSecuSW1(config-if)#switchport port-security mac-address ?
  sticky  Configure dynamic secure addresses as sticky

4) Specify the action to take when a violation of the above conditions occurs. When a violation occurs in switch Port Security, Cisco switches can be configured to act in one of the three options explained below.

Protect: When the "protect" option is configured and a port security violation occurs, the switch interface drops frames with an unknown source MAC address once the port has reached its maximum number of allowed MAC addresses. Frames with known source MAC addresses are still forwarded. No SNMP trap or syslog message is generated. The "protect" option is the least severe port security option available.

Restrict: When the "restrict" option is configured and a port security violation occurs, the switch interface drops frames with an unknown source MAC address once the port has reached its maximum number of allowed MAC addresses. The restrict option also sends an SNMP trap and a syslog message and increments a violation counter each time a port security violation occurs.

Shutdown: When the "shutdown" option is configured and a port security violation occurs, the interface is shut down. Therefore, after a port security violation the interface is down and no traffic is allowed on it. The shutdown option also sends an SNMP trap and a syslog message. The "shutdown" option is the most severe port security option available, and it is the default violation action.
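To compare the three violation modes on the same traffic, the following added example (not code from the original page, and a simplified model rather than Cisco's implementation) feeds a constructed MAC-flood frame sequence through a port configured for protect, restrict and shutdown; the MAC addresses and the SecurePort/run names are assumptions of the example.

```python
"""Simplified model of switch port security violation modes.

Added example, not code from the original page or from Cisco: it models the
behaviour the text describes (protect / restrict / shutdown) so the three
modes can be compared on a constructed MAC-flood frame sequence.
"""
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    maximum: int = 1                 # default: one secure MAC per port
    violation: str = "shutdown"      # default violation action
    secure_macs: set = field(default_factory=set)
    violations: int = 0              # counter incremented by restrict/shutdown
    notified: bool = False           # SNMP trap / syslog emitted
    err_disabled: bool = False       # port shut down after a violation

    def receive(self, src_mac: str) -> str:
        """Return what the port does with a frame from src_mac."""
        if self.err_disabled:
            return "drop"            # port is down, nothing passes
        if src_mac in self.secure_macs:
            return "forward"         # known (static or sticky-learned) address
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)   # learn it as a secure address
            return "forward"
        # Maximum reached and the source is unknown: this is a violation.
        if self.violation == "protect":
            return "drop"            # silent: no counter, no trap, no syslog
        self.violations += 1
        self.notified = True
        if self.violation == "restrict":
            return "drop"
        self.err_disabled = True     # shutdown: port goes err-disabled
        return "drop"

# Constructed frame sequence (assumed MACs): one genuine host, a flood of
# forged source addresses, then the genuine host again.
FLOOD = ["0000.1111.aaaa"] + [f"dead.beef.{i:04x}" for i in range(5)] + ["0000.1111.aaaa"]

def run(mode: str, maximum: int = 1) -> dict:
    """Feed FLOOD through a port in the given mode and summarise the result."""
    port = SecurePort(maximum=maximum, violation=mode)
    actions = [port.receive(mac) for mac in FLOOD]
    return {"forwarded": actions.count("forward"), "dropped": actions.count("drop"),
            "violations": port.violations, "notified": port.notified,
            "err_disabled": port.err_disabled, "secure_macs": sorted(port.secure_macs)}
```

Running with maximum=2 shows why the maximum should match the number of genuine devices: the first forged address to arrive before the limit is reached is learned as a secure address.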