![]() ![]() All logical interface operations on the physical port are disabled. Traffic in violation is silently dropped until the number of secure address configures drops below the maximum. The physical port is shut immediately and drops all traffic. Switch responses to security violations Response If a violation occurs, the switch responds according to one of three modes, as summarized in the following table. If the device reaches the maximum limit for the number of secure MAC addresses allowed on the interface and if the interface receives a packet with a source MAC address that is different from any of the secure learned addresses, it is considered a security violation. The secure MAC addresses can be specified statically or learned dynamically. The interface forwards only packets with source MAC addresses that match these secure addresses. The dynamic MAC learning is vulnerable to spoofing attacks, to mitigate this, we c an manually add Static MAC entries on the switch in order to override the dynamic MAC address learning.Port MAC security (PMS) feature allows you to configure the device to learn a limited number of secure MAC addresses on an interface. The static MAC addressin the MAC address table is manually configured for a specific port and VLAN. The Dynamic MAC address entries in the MAC address table have an aging time and can time out after a specific time. and the method of MAC learning: Static or Dynamic learning.All learned MAC addresses will be grouped into the MAC address table which will define: A Dynamic MAC address can be learned via an arp request or replies etc, coming on a specific port on the switch.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |