Cisco Switch commands

You can use the following Cisco port security feature to defend against MAC attacks.

Examples

  • switchport port-security
    Enables port security on the interface.
  • switchport port-security maximum 1
    Configures the maximum number of secure MAC addresses for the port
  • switchport port-security maximum 1 vlan access
    Sets the maximum number of secure MAC addresses for the interface. The range is 1 to 3072. The default is 1.
  • switchport port-security violation restrict
    Sets the violation mode, the action to be taken when a security violation {restrict | shutdown} is detected.
  • switchport port-security aging time 2
    Sets the aging time for the secure port.
  • switchport port-security aging type inactivity
    The type keyword sets the aging type as absolute or inactive.
  • snmp-server enable traps port-security trap-rate 5
    Controls the rate at which SNMP traps are generated.
  • switchport port-security mac-address sticky
    Adds all secure MAC addresses that are dynamically learned to the running configuration
  • Cisco OS Global Commands:
    • ip dhcp snooping vlan 4,104
      Enable or disable DHCP snooping on one or more VLANs.
    • no ip dhcp snooping information option
      To disable the insertion and the removal of the option-82 field, use the no IP dhcp snooping information option in global configuration command. To configure an aggregation, switch to drop incoming DHCP snooping packets with option-82 information from an edge switch, use the no IP dhcp snooping information option allow-untrusted global configuration command.
    • ip dhcp snooping
      Enable DHCP snooping option globally.

These commands are presented in module 2 “Sniffing”.

Leave a Reply

Your email address will not be published. Required fields are marked *