CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide by Omar Santos
Author: Omar Santos
Language: eng
Format: epub, pdf
Publisher: Cisco Press
Published: 2020-03-30T00:00:00+00:00
Port Security
How many MAC addresses should legitimately show up inbound on an access port?
Port security controls how many MAC addresses can be learned on a single switch port. This feature is implemented on a port-by-port basis. A typical user uses just a single MAC address. Exceptions to this may be a virtual machine or two that might use different MAC addresses than their host, or if there is an IP phone with a built-in switch, which may also account for additional MAC addresses. In any case, to avoid a user connecting dozens of devices to a rogue switch that is then connected to their access port, you can use port security to limit the number of devices (MAC addresses) on each port.
Port security also protects against a malicious application that sends thousands of frames into the network, each with a different bogus source MAC address, in an attempt to exhaust the switch's dynamic MAC address table. Once that table is full, the switch may forward all frames to all ports within the VLAN, and the attacker can then sniff every packet. This is referred to as a CAM table overflow attack. Content-addressable memory (CAM) is a fancy way to refer to the MAC address table on the switch.
Port security also prevents a client from depleting DHCP server resources, which an attacker could otherwise do by sending thousands of DHCP requests, each with a different source MAC address. DHCP spoofing attacks take place when devices purposely generate enough DHCP requests to exhaust the IP addresses allocated to a DHCP pool.
With the port security feature, the default violation action is to shut down the port. Alternatively, you can configure the violation response as “protect,” which does not shut down the port but denies frames from any new MAC addresses over the set limit. The “restrict” action does the same as protect but also generates a syslog message.
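The three violation modes are easiest to compare side by side. The following model, added here and not code from the Cert Guide, simulates one access port with port security: addresses are learned (sticky) up to the configured maximum, and frames from addresses beyond the limit are handled by protect, restrict or shutdown. It then replays a constructed flood of distinct source MACs, the traffic pattern of a CAM table overflow attempt, against a port in each mode. The interface name, the maximum of 5 and all MAC addresses are constructed, and the syslog text is modelled on the IOS %PORT_SECURITY-2-PSECURE_VIOLATION message rather than captured from a switch.

```python
"""Model of a switch access port running port security (added example)."""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1              # switchport port-security maximum <n>
    violation: str = "shutdown"   # protect | restrict | shutdown (IOS default)
    secure_macs: set = field(default_factory=set)   # sticky-learned addresses
    violations: int = 0           # the SecurityViolation (Count) column
    err_disabled: bool = False
    syslog: list = field(default_factory=list)

    def receive(self, src_mac: str) -> bool:
        """Handle one inbound frame; return True if forwarded, False if dropped."""
        if self.err_disabled:
            return False                      # a shut-down port drops everything
        if src_mac in self.secure_macs:
            return True                       # known secure address
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)     # room left: learn it (sticky)
            return True
        # Over the limit: apply the configured violation action.
        if self.violation == "protect":
            return False                      # silent drop, nothing logged
        self.violations += 1
        # Message text modelled on the IOS syslog message (assumption).
        self.syslog.append(
            f"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
            f"caused by MAC address {src_mac} on port {self.name}.")
        if self.violation == "shutdown":
            self.err_disabled = True          # port goes err-disabled
        return False


def cam_flood(port: SecurePort, count: int) -> dict:
    """Replay `count` frames, each from a distinct constructed source MAC (the
    pattern of a CAM table overflow attempt), and summarise what the port did."""
    forwarded = 0
    for i in range(count):
        mac = f"0200.{(i >> 16) & 0xFFFF:04x}.{i & 0xFFFF:04x}"  # constructed MAC
        if port.receive(mac):
            forwarded += 1
    return {
        "learned": len(port.secure_macs),
        "forwarded": forwarded,
        "violations": port.violations,
        "err_disabled": port.err_disabled,
        "syslog_messages": len(port.syslog),
    }


def compare_modes(maximum: int = 5, frames: int = 1000) -> dict:
    """Run the same flood against a fresh port in each violation mode."""
    return {mode: cam_flood(SecurePort("Gi0/2", maximum, mode), frames)
            for mode in ("protect", "restrict", "shutdown")}


if __name__ == "__main__":
    for mode, result in compare_modes().items():
        print(f"{mode:9s} {result}")
```

Running it shows the trade-off the text describes: all three modes cap the learned addresses at the maximum, but protect records nothing, restrict keeps the port up while counting and logging every excess frame, and shutdown logs a single violation before the port goes err-disabled and drops even the legitimate addresses it had learned.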
To implement port security, follow Example 6-18.
Example 6-18 Implementing Port Security
SW2(config)# interface Gi0/2
! Enable the feature per interface
SW2(config-if)# switchport port-security
! Set the maximum to the desired number. Default is 1. If we administratively
! set the maximum to 1, the command won't show in the running configuration
! because the configuration matches the default value. It is handy to know
! this behavior, so you won't be surprised by what may seem to be a missing
! part of your configuration.
SW2(config-if)# switchport port-security maximum 5
! Set the violation action. Default is err-disable. Protect will simply
! not allow frames from MAC addresses above the maximum.
SW2(config-if)# switchport port-security violation protect
! This will cause the dynamically learned MAC addresses to be placed into the
! running-config. To save them to the startup-config, use copy run start
SW2(config-if)# switchport port-security mac-address sticky
! To verify settings, use this command
SW2# show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/2              5            1                  0         Protect
---------------------------------------------------------------------------
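The show port-security summary is also what you would collect from switches on a schedule to spot ports that are hitting their limit or recording violations. The parser and audit below are added here and are not part of the Cert Guide. The Gi0/2 row is the one from Example 6-18; the Gi0/3 and Gi0/4 rows and their counters are constructed sample data so the audit has something to flag.

```python
"""Parse and audit `show port-security` summary output (added example)."""
import re

# Constructed sample: Gi0/2 is the row shown in Example 6-18, the other two
# rows are made up to exercise the audit rules.
SAMPLE_OUTPUT = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/2              5            1                  0         Protect
      Gi0/3              1            1                  7        Restrict
      Gi0/4              1            1                  1        Shutdown
---------------------------------------------------------------------------
"""

# One data row: port name, three integer counters, violation action keyword.
# Header, "(Count)" and dashed lines do not match and are skipped.
ROW_RE = re.compile(
    r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(Protect|Restrict|Shutdown)\s*$")


def parse_port_security(text: str) -> list:
    """Turn the summary table into a list of dicts, one per secure port."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            port, maximum, current, violations, action = m.groups()
            rows.append({
                "port": port,
                "max": int(maximum),
                "current": int(current),
                "violations": int(violations),
                "action": action.lower(),
            })
    return rows


def audit(rows: list) -> list:
    """Return (port, message) findings worth a look on a monitoring run."""
    findings = []
    for r in rows:
        if r["violations"] > 0:
            findings.append(
                (r["port"], f"{r['violations']} security violation(s) recorded"))
        if r["action"] == "protect":
            # Protect drops excess frames without a syslog message, so a flood
            # on this port would not show up in logs; restrict would log it.
            findings.append(
                (r["port"], "violation mode 'protect' drops silently, no syslog"))
        if r["current"] >= r["max"]:
            findings.append(
                (r["port"], f"at maximum secure addresses ({r['current']}/{r['max']})"))
    return findings


if __name__ == "__main__":
    for port, message in audit(parse_port_security(SAMPLE_OUTPUT)):
        print(f"{port}: {message}")
```

In practice you would feed this the output collected from each switch and forward the findings to your logging pipeline; the protect-mode check exists because, as the text notes, that mode never generates a syslog message, so a port configured that way has to be watched through its counters rather than its logs.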