Two switch, one MAC table
Yes, that could be achieved to provide a sort of DoS attack.
Hmmm. So, back to skepticals' scenario: if the intruder places the gateway's MAC as the destination in his (multi-source-MAC) frame attack, and assuming the gateway is on one of the 2950 switch ports, it seems to me that not only the small switch's port will be shut down but also the 2950 port that connects the two switches, i.e. all the PCs connected to the small switch segment would be disconnected from the network.
If that is all correct, it means that any number of cascaded switches (given that the default Cisco settings are kept) can be disconnected by using such an attack on one of the ports of the last switch on the line to the gateway.
I guess the best way to prevent this is port security. But to do so, it seems that port security must support multiple MAC addresses per port, so that the 2950 port that connects to the other switch will not refuse the few MACs that are connected to the small switch. Is this possible?
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
- skepticals
- Topic Author
2912XL#show mac-address-table
Dynamic Address Count: 3
Secure Address Count: 0
Static Address (User-defined) Count: 0
System Self Address Count: 35
Total MAC addresses: 38
Maximum MAC addresses: 2048
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  ----------------
0017.a4eb.9b04       Dynamic       1     FastEthernet0/6
0018.f8f1.cff5       Dynamic       1     FastEthernet0/6
00a0.c9ab.0e8f       Dynamic       1     FastEthernet0/1
Solo,
It looks like the switch already supports multiple MACs per port. His switch shows two different MAC addresses from Fa0/6.
Sure, you're right. But what I meant was: can it support multiple MACs with security? i.e. can it allow only those specific 5 or 6 MACs through the port and ignore the rest? Or does it have to be 1 MAC and ignore the rest?
- skepticals
I am not sure myself, but going off what Chris said:
switchport port-security maximum {max # of MAC addresses allowed}: You can use this option to allow more than the default number of MAC addresses, which is one. For example, if you had a 8-port hub connected to this switch port, you would want to allow 8 MAC addresses—one for each device. The maximum number of secure MAC addresses per port is 132.
switchport port-security violation {shutdown | restrict | protect}: This command tells the switch what to do when the number of MAC addresses on the port has exceeded the maximum allowed number. The default is to shut down the port. However, you can also choose to alert the network administrator (i.e., restrict) or only allow traffic from the secure port and drop packets from other MAC addresses (i.e., protect).
switchport port-security mac-address {MAC address}: You can use this option to manually define the MAC address allowed for this port rather than letting the port dynamically determine the MAC address.
You could probably use switchport port-security maximum to set the number of MACs and switchport port-security mac-address {MAC address} to manually configure multiple MACs.
Is that what you meant?
Yup, that's what I meant.
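Putting the three commands quoted above together for the scenario in this thread, as an added example that is not from any post here: the 2950 port facing the small switch is assumed to be FastEthernet0/6, the two addresses seen on Fa0/6 in the 2912XL output above are assumed to be the hosts behind that small switch, and the IOS is assumed to be recent enough to support sticky learning.

```cisco
! Added example, not from the thread: port security on the 2950 port that
! faces the small switch. Assumes that port is FastEthernet0/6 and that the
! two dynamic entries seen on Fa0/6 above are the hosts behind the small
! switch (both assumptions are for illustration only).
interface FastEthernet0/6
 switchport mode access
 switchport port-security
 ! Raise the limit BEFORE adding static entries: at the default maximum of 1
 ! the second static mac-address line is rejected.
 switchport port-security maximum 6
 ! restrict: frames from addresses beyond the limit are dropped and the
 ! violation counter / syslog / SNMP trap fire, but the port stays up, so a
 ! flood from the far segment cannot err-disable the whole uplink the way
 ! the default (shutdown) would.
 switchport port-security violation restrict
 ! Pin the hosts that must always reach the gateway.
 switchport port-security mac-address 0017.a4eb.9b04
 switchport port-security mac-address 0018.f8f1.cff5
 ! Learn the remaining hosts on first sight and keep them in the running
 ! config, up to the maximum set above.
 switchport port-security mac-address sticky
!
! Verification (privileged EXEC): secure address count, violation mode and
! the violation counter that restrict increments.
! show port-security interface FastEthernet0/6
! show port-security address
```

The trade-off versus protect is that restrict logs each violation, which is what lets an administrator notice the flood described earlier in the thread; protect silently drops the excess frames.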