Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 340
  • Last Modified:

Question on port security

On cisco switches that is (2900 series).

When you implement it with say:

int fa0/1
switchport port-security
switchport port-security maximum 1  


This means only one MAC address is allowed to traverse that port.  What does the switch base it's decision on when you use port security?  The arp table?     What happens if you change the network card in your PC?  It will obviously have a different MAC.

Thanks
0
dissolved
Asked:
dissolved
  • 4
  • 2
2 Solutions
 
Don JohnstonInstructorCommented:
Correct. Only one address will be learned when traffic enters that port.

Layer 2 switches don't care (or know) about IP addresses. They only care (learn) MAC addresses. If another address is learned on that port, it will either not add the address to the MAC-Address-Table or it will disable the port. If the NIC is changed on the PC connected to that port, the previous address will have to age out (300 seconds by default) before the new MAC address will be learned.

-dj
0
 
lrmooreCommented:
You can also set the port-security to "sticky" which means that it won't time out. So if someone changes their NIC, you have to go into the switch to clear it before they gain access to the network (or until the switch reboots)

You can also specify the MAC address that it will accept on that port. We're seeing more and more companys implement this feature.

Too bad that a $30 soho router will bypass all that good security with the mac address "clone" feature and permit up to 250 users behind that one MAC....

0
 
dissolvedAuthor Commented:
"Too bad that a $30 soho router will bypass all that good security with the mac address "clone" feature and permit up to 250 users behind that one MAC...."

Holy crap, thats crazy!  How would you detect something like that? I guess you would see RIP advertisements from the soho router and trace it back to that IP.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
lrmooreCommented:
No rip, nothing. I've proven this point many times by taking my Linksys router onsite to do security vulnerability assessments..  I have to provide my laptop's MAC address, then secretly assign that MAC to my Linksys, hook it up under the desk, and bingo! I can setup as many systems as I want behind it. I usually carry at least 2 laptops, 1 with Linux and Nessus and the other XP... fire up a nessus scan and do other stuff on the XP laptop...
0
 
lrmooreCommented:
The solution is 802.1x port-level authentication. Make users authenticate to get access to the port. This is often a no-go simply because the users won't put up with multiple logins..
0
 
dissolvedAuthor Commented:
Wow, that is scary. Thanks for the info.
0
 
lrmooreCommented:
If it weren't for those darn users, we could build a pretty secure network...
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now