The value will not show up in the configuration of the switch itself. Review the switch configuration to verify each access port is configured for a single registered MAC address.Ĭonfiguring port-security on the Cisco switch access port interface will automatically set the maximum number of registered MAC addresses to one. Layer 2 Switch Security Technical Implementation Guide - Cisco This happens because the switch cannot find the switch port number for a corresponding MAC address within the CAM table, allowing the switch to become a hub and traffic to be monitored. When there are no more resources, the switch has no choice but to flood all ports within the VLAN with all incoming traffic. An attacker will able to flood the switch with mostly invalid MAC addresses until the CAM table’s resources have been depleted. If there are enough entries stored in a CAM table before the expiration of other entries, no new entries can be accepted into the CAM table. This type of attack lets an attacker exploit the hardware and memory limitations of a switch. Limiting the number of registered MAC addresses on a switch access port can help prevent a CAM table overflow attack.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |