polewchoice.blogg.se

SW1(config-if)#switchport port-security violation restrict SW1(config-if)#switchport port-security aging time 5 SW1(config-if)#switchport port-security aging type inactivity SW1(config-if)#switchport port-security maximum 2 – I will configure SW1 to allow only two MAC addresses on port E0/3 and uses “ restrict” as a violation action. Total Mac Address Space Available: -997508928 – Launch CAM table attack on attacker machine and check the mac-addresses on SW1. Total Mac Addresses for this criterion: 2 – Now, there are two mac-addresses stored in the table. – Try to ping each other and then verify mac-addresses on SW1. This may be different according to your different devices. – As you can see the available mac-address space is 1550960574. Total Mac Address Space Available: 1550960574 Skip if you already know this step, just assigning VLAN on interfacesįist, let’s verify the mac-address table on SW1 Need to copy the config over to startup-config file. We still need to save it into startup-configuration file.ĭynamically learn MAC addresses and stored in the running-config and CAM table. The switch will save MAC addresses in the running-config and CAM table. You have to statically configure MAC address via CLI. It will be lost after the switch is rebooted.

MAC addresses are stored only in the CAM table. Once we’ve enabled port-security, default maximum numbers of MAC address is “one”.ĭynamically learn MAC addresses. Other switch may not be supported all options. Shutdown (Note that this is default mode, shutdown the ports and generate log messages) Restrict (This option will generate syslog or SNMP messages)

Protect (This will not generate any syslog or SNMP messages) – Before enabling port-security feature, you need to know about four violation actions Please visit to cisco site if you want to know detail. Also we can configure security violation actions to shutdown the ports or filter traffic. By enabling this, we can limit the maximum numbers of source mac-addresses on cisco switches. So let me explain a bit about switch port-security feature. But we can prevent this this flooding attack by using switch port-security. The malicious user or attacker sends thousands of bogus source MAC addresses over to a switch port within a short time.