06-04-2014 01:25 PM - edited 03-07-2019 07:38 PM
Hi everyone.
I have an issue. On my LAN we found a vulnerability: a Mac laptop (MacBook Pro) has an Internet Sharing feature. With the Ethernet cable connected, you can share the Internet over AirPort to other devices; you can configure the Mac as an access point and NAT the traffic onto the network.
I applied port security with a maximum of 2 MAC addresses, switchport protected and spanning-tree bpduguard, and traffic still passes. If you analyze the traffic you will only see the IP of the Ethernet cable; even with DHCP snooping applied, devices connected to the MacBook are given an IP address.
Port configuration:
interface GigabitEthernet1/0/2
description desk Mariano
switchport access vlan 21
switchport mode access
switchport protected
switchport block unicast
switchport voice vlan 621
switchport port-security maximum 2
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 10dd.b1d7.e1a2
switchport port-security mac-address sticky a40c.c394.08ef vlan voice
logging event spanning-tree
logging event status
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
udld port aggressive
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
storm-control unicast level 1.00
storm-control action shutdown
spanning-tree portfast
spanning-tree bpduguard enable
end
At this moment the MacBook Pro is sharing with 3 devices, and the local port only sees 2 MAC addresses (the MacBook and the IP phone).
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
21 10dd.b1d7.e1a2 STATIC Gi1/0/2
621 a40c.c394.08ef STATIC Gi1/0/2
Total Mac Addresses for this criterion: 2
Please help us; can anybody see the problem?
Best Regards.
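As an added illustration (not from this thread or its poster) of why the port-security counter above stays at 2: port security counts distinct source MACs per port, while a NAT gateway such as Internet Sharing re-originates every forwarded frame with its own MAC. The model below uses the MacBook's wired MAC from the configuration above; the Wi-Fi client MACs and IPs are constructed.

```python
# Added example: minimal model of "switchport port-security maximum N
# violation restrict" on an access port, with and without a NAT gateway
# (the MacBook's Internet Sharing) in front of the wireless clients.
# The Wi-Fi client MACs/IPs and the gateway's LAN IP are constructed values.
from dataclasses import dataclass, field


@dataclass
class Frame:
    src_mac: str
    src_ip: str
    vlan: int = 21


@dataclass
class SecurePort:
    """Sticky-learning port: learns up to `maximum` MACs, then restricts."""
    maximum: int
    secure_macs: set = field(default_factory=set)
    dropped: int = 0

    def ingress(self, frame: Frame) -> bool:
        """Return True if the frame is forwarded, False if restricted."""
        if frame.src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(frame.src_mac)  # sticky learning
            return True
        self.dropped += 1  # 'restrict': drop and count, port stays up
        return False


MACBOOK_MAC = "10dd.b1d7.e1a2"  # wired MAC from the thread's port config


def nat_forward(frame: Frame) -> Frame:
    """Internet Sharing: the frame leaves the Mac with the Mac's own MAC/IP."""
    return Frame(src_mac=MACBOOK_MAC, src_ip="10.21.0.50", vlan=frame.vlan)


WIFI_HOSTS = [Frame("aaaa.bbbb.0001", "192.168.2.2"),  # constructed clients
              Frame("aaaa.bbbb.0002", "192.168.2.3"),
              Frame("aaaa.bbbb.0003", "192.168.2.4")]


def run(nat: bool, maximum: int = 2) -> dict:
    """Send one frame per Wi-Fi client through the port; report what it saw."""
    port = SecurePort(maximum=maximum)
    forwarded = sum(port.ingress(nat_forward(f) if nat else f) for f in WIFI_HOSTS)
    return {"learned": len(port.secure_macs), "forwarded": forwarded,
            "dropped": port.dropped}
```

With NAT the port learns one MAC and forwards all three clients; without it the third client is restricted, which is the behaviour the poster expected but could not get.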
06-04-2014 03:35 PM
Not sure if there is any feature to prevent ad-hoc wireless networks originating from a user machine from a Cisco switch standpoint; generally the user IT dept will create a GPO to disable ad-hoc networking on user WNICs, or you have the wireless dept that keeps an eye on any rogue APs popping up in your network.
I am sure the wireless controllers now are capable of switchport tracing for rogue APs and err-disabling them as well.
Manish