#Mac address learning restrict method mac#
Sticky MAC addresses are lost on reboot unless the running configuration is saved. There are three different ways that MAC addresses can be configured onto a port:Ī statically-configured MAC address is rather simple a single MAC address is configured to be allowed on a port: router#configure terminalrouter(config)#interface interfacerouter(config-if)#switchport port-security mac-address mac-addressĪ dynamic MAC address is one that is learned on an interface and is held in the Content-Addressable Memory (CAM) table until it times out (5 minutes) these are enabled by default.Ī sticky address is dynamically learned and then immediately converted into a sticky secure MAC address this “sticks” the specific MAC address to this port alone.
When using port level security, the MAC address(es) and/or number of MAC addresses of the connected devices is controlled. The simplest form of switch security is using port level security. It should be noted that this article is not intended to show all possible switch security methods but simply highlight the most commonly referenced. This article takes a look at these potential threats and at the different techniques and configurations that can be used to avoid them. Many people can tend to ignore the security vulnerabilities that can be exploited at Layer 2, but these devices are just as vulnerable as high layer devicesthey are just attacked in different ways.
CCNA 640-802 Official Cert Library, Updated, 3rd EditionĪ very important part of securing an organizational network involves the Layer 2 parts of the network, specifically the switches.
0 kommentar(er)
