03-12-2018 05:32 AM - edited 03-08-2019 02:13 PM
Hi,
We have Cisco L2 switches and broadcast with together. If a hacker is trying to access our network using MAC spoofing, is it possible? Cisco switches learn a MAC address the first time and maintain one MAC table. If a hacker tries to send an unknown MAC address, is he able to access? My query is: initially, the MAC addresses Cisco switches learn are stored in the MAC table. If any new MAC address comes, it will be stored in the MAC address table.
How to identify if it's a spoofing MAC?
03-12-2018 06:05 AM
Hi,
Q: If a hacker is trying to access our network using MAC spoofing, is it possible?
Q: Cisco switches learn a MAC address the first time and maintain one MAC table. If a hacker tries to send an unknown MAC address, is he able to access?
Ans: MAC spoofing attacks involve the use of a known MAC address of another host to attempt to make the target switch forward frames destined for the remote host to the network attacker. When a single frame is sent with the source Ethernet address of the other host, the network attacker overwrites the CAM table entry so that the switch forwards packets destined for the host to the network attacker. Until the host sends traffic, it does not receive any traffic. When the host sends out traffic, the CAM table entry is rewritten once more so that it moves back to the original port.
Use the port security feature to mitigate MAC spoofing attacks. Port security provides the capability to specify the MAC address of the system connected to a particular port. This also provides the ability to specify an action to take if a port security violation occurs.
Q: My query is: initially, the MAC addresses Cisco switches learn are stored in the MAC table. If any new MAC address comes, it will be stored in the MAC address table.
Ans: As mentioned, it will store the permanent MAC address in the table (CAM table) with switch port security configuration. But it is not possible to make a separate table.
How to identify: Monitoring the MAC table.
Regards,
Deepak Kumar
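Added example (not part of the original posts): one way to do the "monitoring the MAC table" step from the answer above is to compare successive `show mac address-table` snapshots and flag any MAC address whose port changes, including the move-and-move-back pattern the answer describes for the CAM entry. The snapshot text is constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches data rows of `show mac address-table`, e.g.
#   10    0011.2233.4455    DYNAMIC     Gi1/0/5
ROW = re.compile(
    r"^[ \t]*(\d+)[ \t]+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"[ \t]+(\w+)[ \t]+(\S+)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_mac_table(text):
    """Return {(vlan, mac): port} for one snapshot; header lines are skipped."""
    return {(int(vlan), mac.lower()): port
            for vlan, mac, _type, port in ROW.findall(text)}

def find_moves(snapshots):
    """Return {(vlan, mac): [ports in order seen]} for MACs seen on >1 port."""
    history = defaultdict(list)
    for text in snapshots:
        for key, port in parse_mac_table(text).items():
            # Record a port only when it differs from the last one seen.
            if not history[key] or history[key][-1] != port:
                history[key].append(port)
    return {key: ports for key, ports in history.items() if len(ports) > 1}

# Constructed snapshots, taken at three polling intervals (not real captures).
HEADER = "Vlan    Mac Address       Type        Ports\n----    -----------       --------    -----\n"
SNAP_1 = HEADER + ("  10    0011.2233.4455    DYNAMIC     Gi1/0/5\n"
                   "  10    00aa.bbcc.ddee    DYNAMIC     Gi1/0/7\n")
SNAP_2 = HEADER + ("  10    0011.2233.4455    DYNAMIC     Gi1/0/12\n"
                   "  10    00aa.bbcc.ddee    DYNAMIC     Gi1/0/7\n")
SNAP_3 = SNAP_1  # the original host sent traffic again, so the entry moved back

if __name__ == "__main__":
    for (vlan, mac), ports in find_moves([SNAP_1, SNAP_2, SNAP_3]).items():
        print(f"VLAN {vlan} MAC {mac} moved: {' -> '.join(ports)}")
```

A reported move is a lead to investigate, not proof of spoofing: a laptop changing ports or a virtual machine migrating between hosts produces the same pattern.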
03-12-2018 12:45 PM
The question doesn't make any sense.
If network users do not have any authentication credentials then anyone can plug in and access the network. No spoofing necessary.
The only time one would "spoof" the MAC address is when someone has "locked down" the port (LOL!) by configuring the MAC address of the port.