ioptax.blogg.se

Mac address flooding cisco

A switch makes forwarding decisions based on the entries stored in its MAC address table. This table is built as the switch inspects the source addresses of frames as they enter the switch from devices connected to a given port. By default, a Catalyst 1900 switch can store up to 1024 entries in its MAC address table. These entries, which are added to the table automatically, are known as dynamic entries. They will exist in the MAC table until the table is manually cleared, or until a certain host is not heard from for a certain period of time – the default is 300 seconds. It is also possible to add permanent entries to the MAC address table, as we'll see shortly.

To view the MAC address table on a Cisco 1900, issue the show mac-address-table command. The table shows not only the MAC addresses of connected devices, but also the port number they are associated with, and whether these entries are dynamic or permanent.

Number of restricted static addresses : 0
Address          Dest Interface    Type        Source Interface List
0000.1223.30A5   Ethernet 0/5      Permanent   All

Entries can be cleared from a switch's MAC address table by issuing the clear mac-address-table command.

A MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with a very large number of Ethernet frames with different fake source MAC addresses. This type of attack is also known as a CAM table overflow attack. Within a very short time, the switch's MAC address table is full of fake MAC address/port mappings.

The following images show a switch's MAC address table before and after a flooding attack.

A switch's MAC address table has only a limited amount of memory. The switch cannot save any more MAC addresses in its MAC address table. Once the switch's MAC address table is full and it cannot save any more MAC addresses, it enters a fail-open mode and starts behaving like a network hub. Frames are flooded to all ports, similar to a broadcast type of communication.

Now, what is the benefit to the attacker? The attacker's machine will be delivered all the frames between the victim and other machines. The attacker will be able to capture sensitive data from the network.

How to prevent MAC flooding attacks

Cisco switches come with a built-in security feature against MAC flooding attacks, called Port Security. Port Security is a feature of Cisco switches which gives protection against MAC flooding attacks. Visit the next lesson to learn how to prevent MAC flooding attacks by configuring port security in Cisco switches.
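The fail-open behaviour and the effect of a per-port address limit described on this page can be seen in a small in-memory model. This is an added example, not code from the original page or from Cisco; the class name, the `max_per_port` parameter and all MAC addresses are constructed for illustration, and entry ageing is not modelled.

```python
from collections import Counter

class LearningSwitch:
    """Toy model of MAC learning with a fixed-size table (assumption: no ageing)."""

    def __init__(self, capacity=1024, max_per_port=None):
        self.capacity = capacity          # 1024 entries, the Catalyst 1900 default in the text
        self.max_per_port = max_per_port  # hypothetical per-port cap, in the spirit of port security
        self.table = {}                   # source MAC -> port it was learned on
        self.per_port = Counter()         # port -> number of learned addresses
        self.violations = Counter()       # port -> frames dropped for exceeding the cap

    def receive(self, port, src, dst):
        """Process one frame and return 'forward', 'flood' or 'drop'."""
        if src not in self.table:
            if self.max_per_port is not None and self.per_port[port] >= self.max_per_port:
                self.violations[port] += 1
                return "drop"             # unknown source on a port that is already at its limit
            if len(self.table) < self.capacity:
                self.table[src] = port
                self.per_port[port] += 1
            # else: table is full, the address is simply not learned
        # Unknown destinations are sent out of every port, as a hub would do.
        return "forward" if dst in self.table else "flood"

def simulate(max_per_port=None, fake_frames=5000):
    """Return (verdict for A->B, table size, violations on port 3)."""
    sw = LearningSwitch(max_per_port=max_per_port)
    host_a, host_b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"  # constructed addresses
    sw.receive(1, host_a, host_b)         # host A is learned on port 1
    # Port 3 presents many distinct source addresses before host B has spoken.
    for i in range(fake_frames):
        fake = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)
        sw.receive(3, fake, "ff:ff:ff:ff:ff:ff")
    sw.receive(2, host_b, host_a)         # host B speaks only now: is there room to learn it?
    verdict = sw.receive(1, host_a, host_b)
    return verdict, len(sw.table), sw.violations[3]

if __name__ == "__main__":
    print("no limit      :", simulate())                # A->B traffic is flooded to all ports
    print("2 MACs / port :", simulate(max_per_port=2))  # A->B traffic is forwarded normally
```

The violation counter is also the natural detection signal: a single access port presenting thousands of new source addresses is the pattern to alert on.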






