Counter MAC Spoofing with Cisco

Question

I was wondering if someone could help me with the needed cisco commands to configure a switch to only allow certain mac addresses on certain ports. So that one mac adres can only connect to the network through a specific port.

Also how to be able to configure to use port 24 as a trusted port and have all other ports set as untrusted (while still using the above mentioned allowing certain MAC addresses on specific ports)

This would be greatly appreciated!

Thanks in advance, Dempsey

score 2 · Answer 1 · edited Jun 11 '20 at 10:02

2

You can do that using many switch cisco features, something like:

port-security
set port security 1/1-2 enable            # enable port security
set port security 1/1-2 port max 5        # allow 5 MAC address
set port security 1/1-2 violation protect # drop packet beyond 5 MAC address
mac access-list

mac access-list extended ARP_Packet # creat ARP access-list

permit host X.X.X host Y.Y.Y # define action, allow or deny

end

static MAC

arpa X.X.X IP

Hope this helps.

edited Jun 11 '20 at 10:02

Community

1

answered May 19 '13 at 12:04

cuonglm

2,346
2
15
20

I will try it out and let you know ;) Thanks for the information! ;) – Dempsey FoxDie Van Assche May 20 '13 at 12:27
Edit: I've tried to figure it out but I haven't been able to find anything related to the commands you gave regarding port-security. Are these commands accurate? Thanks in advance! – Dempsey FoxDie Van Assche May 20 '13 at 13:01
You can refer here: http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_example09186a0080470c39.shtml – cuonglm May 20 '13 at 13:06

Counter MAC Spoofing with Cisco

1 Answers1