Hi, guys.
1. Can anybody share personal experience with the following Cat 6500 commands:
IOS: mac-address-table limit
CatOS: set cam monitor
IOS: mac-address-table notification threshold
CatOS: set cam notification threshold
The problem is that it is not always feasible to protect the switching infrastructure against macof-like attacks on the access layer because of software limitations of low-end switches. For example, you cannot configure port security and PVLANs on the same port on 3560/3750 Cisco switches.
So, the idea is to defeat MAC flooding attacks on the distribution layer. Is it possible with these commands?
2. Why does the IOS documentation tell us that the "flood" option of the "mac-address-table limit" command "enables unknown unicast flooding for the VLAN" whilst the CLI tells us that it "disables flooding for this vlan"? What is the truth?
Thx.