![]() Each of the devices will need to be statically assigned to each access port.Īnother green initiative where a single LAN drop is shared among several devices is called "hot-desking", which is related to conservation of office space and teleworking. VoIP or VTC endpoints may provide a PC port so a PC can be connected. Some technologies are exempt from requiring a single MAC address per access port however, restrictions still apply. To validate the access port has a maximum value of one for allowable MAC addresses, you must run the following command: The value will not show up in the configuration of the switch itself. Review the switch configuration to verify each access port is configured for a single registered MAC address.Ĭonfiguring port-security on the Cisco switch access port interface will automatically set the maximum number of registered MAC addresses to one. Layer 2 Switch Security Technical Implementation Guide - Cisco This happens because the switch cannot find the switch port number for a corresponding MAC address within the CAM table, allowing the switch to become a hub and traffic to be monitored. When there are no more resources, the switch has no choice but to flood all ports within the VLAN with all incoming traffic. An attacker will able to flood the switch with mostly invalid MAC addresses until the CAM table’s resources have been depleted. ![]() ![]() If there are enough entries stored in a CAM table before the expiration of other entries, no new entries can be accepted into the CAM table. ![]() This type of attack lets an attacker exploit the hardware and memory limitations of a switch. Limiting the number of registered MAC addresses on a switch access port can help prevent a CAM table overflow attack. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |