Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
0
Helpful
1
Replies

How to block Internet sharing by MacBook on Cisco Switches Cisco Vulnerability

mgonzalezd07
Level 1
Level 1

‎06-04-2014 01:25 PM - edited ‎03-07-2019 07:38 PM

Hi everyone.

 

I have a issue, on my LAN we found a vulnerability, the MAC laptop (MacBook Pro) had a sharing internet  featuring. using Ethernet cable connected and you can share internet ussing AirPort to the other devices, you can configure the MAC as Access Point and make a NAT on the network.

 

I applied the port-security using max 2 mac address and switchport protect and spanning-tree bpduguard and traffic still passing. If you analyze the traffic you will only see the ip Ethernet cable, even apply the dhcp snoop give a IP address on devices connect to the MacBook.

 

Configuring port:

 

interface GigabitEthernet1/0/2
 description desk Mariano
 switchport access vlan 21
 switchport mode access
 switchport protected
 switchport block unicast
 switchport voice vlan 621
 switchport port-security maximum 2
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 10dd.b1d7.e1a2
 switchport port-security mac-address sticky a40c.c394.08ef vlan voice
 logging event spanning-tree
 logging event status
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 queue-set 2
 udld port aggressive
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 storm-control unicast level 1.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
end

 

At this moment MacBook Pro share a 3 devices, and the local port only see 2 mac address (The MacBook and IP Telephony).

 

          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  21    10dd.b1d7.e1a2    STATIC      Gi1/0/2
 621    a40c.c394.08ef    STATIC      Gi1/0/2
Total Mac Addresses for this criterion: 2

 

Pls helpus, any body can see the problem.

 

 

Best Regards.

 

Labels:
0 Helpful
1 Reply 1

manish arora
Level 6
Level 6

‎06-04-2014 03:35 PM

Not sure if there is any feature to prevent ad-hoc wireless networks originated from a user machine  from a Cisco Switch stand point of view, generally the User IT dept will create a GPO to disable ad-hoc networking on user wnic's or you have the wireless dept that keeps an eye on the any rogue AP's popping up in your network.

I am sure the Wireless Controllers now are capable of switchport tracing for rogue AP's and err-disable them as well.

Manish

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card