Friday 20 January 2023

How to configure Static MAC Address table Entries?

By default, a switch dynamically learns MAC addresses and stores them in the CAM table just by looking at the source MAC address of each incoming frame.




This process of dynamically learning MAC addresses and filling in the CAM table is vulnerable to layer 2 MAC address spoofing attacks. An attacker can easily spoof a few MAC addresses to change entries in the MAC address table. We can deal with this problem by manually configuring entries in the MAC address table. A statically configured MAC address will always overrule a dynamic entry.




Let's configure the static MAC address table entries:

Topology:




Goal:

  • Configure the topology as per the diagram.
  • Configure the IP addresses as per the topology.
  • Configure IP addresses on the PCs as per the topology.
  • Ping from PC 1 to all the PCs.
  • Configure static MAC addresses.

Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown 
Router(config-if)#exit


%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up



Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit


C:\>ping 192.168.1.4

Pinging 192.168.1.4 with 32 bytes of data:

Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
Reply from 192.168.1.4: bytes=32 time=1ms TTL=128
Reply from 192.168.1.4: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\>ping 192.168.1.5

Pinging 192.168.1.5 with 32 bytes of data:

Reply from 192.168.1.5: bytes=32 time=1ms TTL=128
Reply from 192.168.1.5: bytes=32 time<1ms TTL=128
Reply from 192.168.1.5: bytes=32 time=1ms TTL=128
Reply from 192.168.1.5: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.5:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\>ping 192.168.1.6
C:\>ping 192.168.1.7
C:\>ping 192.168.1.8
C:\>ping 192.168.1.9
C:\>ping 192.168.1.10
C:\>ping 192.168.1.11


Router#ping 192.168.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms


Switch#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.c92e.016d    DYNAMIC     Fa0/9
   1    0004.9a7b.331d    DYNAMIC     Fa0/2
   1    000a.418d.0b8b    DYNAMIC     Fa0/4
   1    000d.bd40.3c82    DYNAMIC     Fa0/10
   1    0010.1141.3d28    DYNAMIC     Fa0/6
   1    0030.f2d1.9701    DYNAMIC     Fa0/1
   1    0050.0f64.a758    DYNAMIC     Fa0/7
   1    0060.3e6e.6dd5    DYNAMIC     Fa0/3
   1    0060.7020.0505    DYNAMIC     Fa0/5
   1    0090.2b15.c5cd    DYNAMIC     Fa0/8


(Our switch dynamically learns and stores the MAC entries.)


Switch(config)#mac address-table static 0030.f2d1.9701 vlan 1 interface fastEthernet 0/1
Switch(config)#mac address-table static 0004.9A7B.331D vlan 1 interface fastEthernet 0/2
Switch(config)#mac address-table static 0060.3E6E.6DD5 vlan 1 interface fastEthernet 0/3
Switch(config)#mac address-table static 000A.418D.0B8B vlan 1 interface fastEthernet 0/4
Switch(config)#mac address-table static 0060.7020.0505 vlan 1 interface fastEthernet 0/5
Switch(config)#mac address-table static 0010.1141.3D28 vlan 1 interface fastEthernet 0/6
Switch(config)#mac address-table static 0050.0F64.A758 vlan 1 interface fastEthernet 0/7
Switch(config)#mac address-table static 0090.2B15.C5CD vlan 1 interface fastEthernet 0/8
Switch(config)#mac address-table static 0001.C92E.016D vlan 1 interface fastEthernet 0/9
Switch(config)#mac address-table static 000D.BD40.3C82 vlan 1 interface fastEthernet 0/10
Switch(config)#end


Switch#show mac address-table static
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.c92e.016d    STATIC      Fa0/9
   1    0004.9a7b.331d    STATIC      Fa0/2
   1    000a.418d.0b8b    STATIC      Fa0/4
   1    000d.bd40.3c82    STATIC      Fa0/10
   1    0010.1141.3d28    STATIC      Fa0/6
   1    0030.f2d1.9701    STATIC      Fa0/1
   1    0050.0f64.a758    STATIC      Fa0/7
   1    0060.3e6e.6dd5    STATIC      Fa0/3
   1    0060.7020.0505    STATIC      Fa0/5
   1    0090.2b15.c5cd    STATIC      Fa0/8




Switch#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.c92e.016d    STATIC      Fa0/9
   1    0004.9a7b.331d    STATIC      Fa0/2
   1    000a.418d.0b8b    STATIC      Fa0/4
   1    000d.bd40.3c82    STATIC      Fa0/10
   1    0010.1141.3d28    STATIC      Fa0/6
   1    0030.f2d1.9701    STATIC      Fa0/1
   1    0050.0f64.a758    STATIC      Fa0/7
   1    0060.3e6e.6dd5    STATIC      Fa0/3
   1    0060.7020.0505    STATIC      Fa0/5
   1    0090.2b15.c5cd    STATIC      Fa0/8
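
The manual pinning step above, automated as an added example that is not part of the original post: it parses `show mac address-table` output, emits the matching `mac address-table static` commands, and audits a later capture against that baseline. The function names and the LATER sample are assumptions constructed for illustration.

```python
import re

# A data row of `show mac address-table`: VLAN, dotted-hex MAC, type, port.
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)
LONG_NAME = {"Fa": "fastEthernet", "Gi": "gigabitEthernet"}

def parse_table(text):
    """Return {(vlan, mac): (type, port)}; header and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            table[(int(vlan), mac.lower())] = (kind.upper(), port)
    return table

def static_commands(table):
    """One `mac address-table static` line per DYNAMIC entry (Fa0/9 -> fastEthernet 0/9)."""
    cmds = []
    for (vlan, mac), (kind, port) in table.items():
        if kind == "DYNAMIC":
            iface = re.sub(r"^[A-Za-z]+", lambda m: LONG_NAME.get(m[0], m[0]) + " ", port)
            cmds.append(f"mac address-table static {mac} vlan {vlan} interface {iface}")
    return cmds

def audit(baseline, current):
    """Compare a later table with the baseline; return (vlan, mac, finding) tuples."""
    findings = []
    for key, (_, port) in baseline.items():
        kind, seen = current.get(key, (None, None))
        if kind is None:
            findings.append((*key, "missing"))
        elif kind != "STATIC":
            findings.append((*key, f"not pinned ({kind} on {seen})"))
        elif seen != port:
            findings.append((*key, f"pinned to {seen}, expected {port}"))
    findings += [(*key, "not in baseline") for key in current if key not in baseline]
    return findings

LEARNED = """Vlan Mac Address Type Ports
1 0001.c92e.016d DYNAMIC Fa0/9
1 0004.9a7b.331d DYNAMIC Fa0/2
1 0030.f2d1.9701 DYNAMIC Fa0/1"""  # three rows copied from the page's table
LATER = """1 0001.c92e.016d STATIC Fa0/9
1 0004.9a7b.331d DYNAMIC Fa0/2
1 00aa.bbcc.ddee DYNAMIC Fa0/1"""  # constructed later capture, not from the page

if __name__ == "__main__":
    base = parse_table(LEARNED)
    print(*static_commands(base), *audit(base, parse_table(LATER)), sep="\n")
```

An empty audit result means every baseline MAC is still STATIC on its original port and no unlisted address has been learned.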











