DEFENDING AGAINST THE CAM TABLE OVERFLOW ATTACK
Attack Scenario
An attacker floods the switch with frames carrying many spoofed source MAC addresses. Once the CAM (MAC address) table is full the switch can no longer learn new addresses and floods unknown-unicast traffic out every port in the VLAN, so traffic for other hosts becomes visible on the attacker's port. Port security caps how many MAC addresses a single port may learn, so one port cannot fill the table.
Port Security (can be configured on a static access port or a trunk port)
- Learning modes: Dynamic, Static, Sticky
- Violation Actions (PRSS: Protect, Restrict, Shutdown, Shutdown VLAN)
- Access or Trunk
On a trunk port the maximum can be set per VLAN (see the trunk configuration below).
Dynamic, Static, Sticky
1. Dynamic - learned automatically (has aging options)
2. Static - configured manually on the port/interface
3. Sticky - dynamically learned MACs are written to the running config (save the config to keep them across a reload)
Violation Actions (default maximum MAC per port = 1)
1. Protect - no syslog, no alerts; frames from unknown MACs are dropped once the limit is reached
2. Restrict - drops the frames and also generates SNMP trap, syslog and increments the violation counter (not all Cisco platforms support this option)
3. Shutdown - default; when the limit is exceeded the port is shut down (err-disabled), with SNMP trap, syslog and counter
4. Shutdown VLAN - shuts down only the offending VLAN on the port instead of the whole port
Configuring Port Security
Access port (Gi0/2):
conf t
default int Gig 0/2
int Gig 0/2
 switchport mode access                               ! static access port, no dynamic trunking
 switchport access vlan 123                           ! set access VLAN
 switchport port-security maximum 5                   ! set maximum secure MACs
 switchport port-security aging type inactivity       ! age out idle secure MACs
 switchport port-security aging time 5                ! inactivity timer, 5 minutes
 switchport port-security violation restrict          ! violation action: restrict
 switchport port-security mac-address 0000.6783.0000  ! add a static secure MAC
 switchport port-security                             ! enable port security on the port
Trunk port (Gi0/6):
conf t
default int Gig 0/6
int Gig 0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport port-security maximum 50 vlan 123         ! set max 50 secure MACs for VLAN 123
 switchport port-security                             ! enable port security on the port
Verification Commands
show port-security
show mac address-table count vlan XXX
show port-security address
show port-security interface gig 0/2
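As an added example that is not part of the original notes, the following script parses the summary table printed by `show port-security` and flags ports that have recorded violations or whose secure-MAC table is already full; the sample output is constructed in that command's layout, not captured from a device, and the port names and counters are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of Cisco IOS "show port-security" output
# (not a real capture). Gi0/2 is the access port above (maximum 5, restrict),
# Gi0/6 is the trunk (maximum 50).
SAMPLE_OUTPUT = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/2              5            5                  3         Restrict
      Gi0/6             50           12                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 11
Max Addresses limit in System (excluding one mac per port) : 6144
"""

# One table row: interface, three integer counters, then the violation action.
ROW_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+(?:\s+\S+)?)\s*$")


def parse_port_security(text: str) -> List[Dict[str, object]]:
    """Return one dict per secure port found in the summary table."""
    ports = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:  # header, separator and total lines never match the numeric columns
            ports.append({
                "port": m.group(1),
                "max": int(m.group(2)),
                "current": int(m.group(3)),
                "violations": int(m.group(4)),
                "action": m.group(5).lower(),
            })
    return ports


def find_alerts(ports: List[Dict[str, object]]) -> List[str]:
    """Flag ports with violations, or with a full secure-MAC table.

    A full table means the next unknown source MAC triggers the violation
    action; with 'protect' nothing is logged, so polling this output is the
    only way to notice it.
    """
    alerts = []
    for p in ports:
        if p["violations"] > 0:
            alerts.append(f'{p["port"]}: {p["violations"]} violation(s), action={p["action"]}')
        elif p["current"] >= p["max"]:
            alerts.append(f'{p["port"]}: secure MAC limit reached ({p["current"]}/{p["max"]})')
    return alerts
```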