Same mac address logs showing on switch interface MacFlap - Cisco Community

|

|

672

Views

1

Helpful

4

Replies

We are seeing switch logs as same mac xxxx:0111 is being learned on two access interfaces on the same switch.

now after investigation we found the red team was performing spoofing of mac address and their device they applied the mac address of one our pc.

how to prevent this on the switch itself?

what feature or configuration will prevent this again in future?

4 Replies 4

Port security is l2 security against Mac spoofing

MHM

You can configure port security with switchport port-security maximum 1 on the port connecting the PC will help you mitigate this kind of situations.

HTH

Regards, LG
*** Please Rate All Helpful Responses ***

@MHM Cisco World Thank you for the response

@liviu.gheorghe thanks for the response

@Mancunian how the dynamic arp inspection ensures that only valid mac address will can send arp traffic,

can u pls share any document with exampls if any?

thanks guys

You can use Port Security to prevent unauthorized devices from connecting or spoofing MAC addresses
Also, Dynamic ARP Inspection which ensures that only valid MAC-IP bindings can send ARP traffic, mitigating ARP spoofing

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community