cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
658
Views
1
Helpful
4
Replies

Same mac address logs showing on switch interface MacFlap

shaikh.zaid22
Level 3
Level 3

We are seeing switch logs as same mac xxxx:0111 is being learned on two access interfaces on the same switch.

now after investigation we found the red team was performing spoofing of mac address and their device they applied the mac address of one our pc.

how to prevent this on the switch itself?

what feature or configuration will prevent this again in future?

4 Replies 4

Port security is l2 security against Mac spoofing 

MHM

You can configure port security with switchport port-security maximum 1 on the port connecting the PC will help you mitigate this kind of situations.

HTH

Regards, LG
*** Please Rate All Helpful Responses ***

@MHM Cisco World Thank you for the response

@liviu.gheorghe thanks for the response

@Mancunian how the dynamic arp inspection ensures that only valid mac address will can send arp traffic,

can u pls share any document with exampls if any?

thanks guys

Mancunian
Spotlight
Spotlight

You can use Port Security to prevent unauthorized devices from connecting or spoofing MAC addresses
Also, Dynamic ARP Inspection which ensures that only valid MAC-IP bindings can send ARP traffic, mitigating ARP spoofing