Port Security

L2 Sep 30, 2012

Port security allows you to control the number of MAC addresses that can be learned on a single switch port. It is enabled on a per interface basis.

It can protect against malicious applications that can sned thousands of of frames into a network with a different MAC address therefore exhausting the limits of the MAC address table. The result of this is the switch forwarding all frames out interfaces for that VLAN (normal switch behaviour for unknown MACs) thus allowing the attacker to capture them. This is known as ‘CAM table overflow attack’.

It can also prevent clients from depleting DHCP resources which could be done by sending thousands of requests using different MAC addresses as a source.

The port security feature has 2 options when it detects a violation;

  • Shut the port down (default)
  • Protect mode, in which it will deny frames from new MAC sources
  • Restrict mode, same a protect but will send a syslog as well

To implement;

interface gig 0/1 switchport port-security switchport port-security maxium 5 !sets the max no if MACs allowed switchport port-security violation protect switchport port-security mac-address sticky show port-security show port-security interface gig0/1

Tags

Rob Edwards

Northern (UK) chap focusing on platforms, automation, cloud and cloud native applications. Recovering network engineer, although it turns out networking is as important, if not more, now than before!

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.