Though I followed Cisco’s instructions (ISBN-10: 1-58720-171-2) where it indicates that Sticky Learning is the default.
“During this practice setup, I found that the 3550 switch DID restrict use of multiple MACs it didn’t learn a “Sticky MAC” address and permitted me to swap out one PC for another. Last time the Sticky wasn’t working quite right (thanks to errors in Cisco book!): But, it does afford some level of protection, so off we go… Shoot, I can even plug in my old Linksys NAT router, have it “clone” my PC’s mac address and it will be able to circumnavigate all of the above listed exploits. We can mitigate problems from normal, non-hacker users presumably hackers could spoof a laptops MAC address. It’s easy to see that the VM – Parallels in this case – uses a separate MAC address for its separate IP in the following screen shot:
A user unplugging their corporate PC and plugging in an unauthorized laptop.A user bringing in their own router, switch or hub to create a rogue network.Cisco’s port-security feature in its switches can restrict a switchport to a single, learned MAC address, potentially preventing such security issues as:
0 kommentar(er)
