Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
661
Views
1
Helpful
4
Replies

Same mac address logs showing on switch interface MacFlap

shaikh.zaid22
Level 3
Level 3

‎01-23-2025 10:53 PM

We are seeing switch logs as same mac xxxx:0111 is being learned on two access interfaces on the same switch.

now after investigation we found the red team was performing spoofing of mac address and their device they applied the mac address of one our pc.

how to prevent this on the switch itself?

what feature or configuration will prevent this again in future?

Labels:
4 Replies 4

MHM Cisco World
VIP
VIP

‎01-23-2025 11:20 PM

Port security is l2 security against Mac spoofing 

MHM

0 Helpful

liviu.gheorghe
VIP
VIP

‎01-24-2025 12:18 AM

You can configure port security with switchport port-security maximum 1 on the port connecting the PC will help you mitigate this kind of situations.

HTH

Regards, LG
*** Please Rate All Helpful Responses ***
0 Helpful

shaikh.zaid22
Level 3
Level 3
In response to liviu.gheorghe

‎01-24-2025 02:42 AM

@MHM Cisco World Thank you for the response

@liviu.gheorghe thanks for the response

@Mancunian how the dynamic arp inspection ensures that only valid mac address will can send arp traffic,

can u pls share any document with exampls if any?

thanks guys

0 Helpful

Mancunian
Spotlight
Spotlight

‎01-24-2025 12:22 AM

You can use Port Security to prevent unauthorized devices from connecting or spoofing MAC addresses
Also, Dynamic ARP Inspection which ensures that only valid MAC-IP bindings can send ARP traffic, mitigating ARP spoofing

0 Helpful
Customers Also Viewed These Support Documents