Sticky MAC is disabled by default and its not supported on untrusted interfaces, Also once a MAC address is learned on one interface, it will not be learned on any other interface in the same VLAN. When the MAC limit is enabled, it provides support to log the excess MACs or drop the new MAC learning requests or shuts down the port.īy enabling Sticky MAC learning along with MAC limiting, interfaces can be allowed to learn MAC addresses of trusted workstations and servers during the period from when the interface are connected to the network until the limit for MAC addresses is reached. The MAC limit feature restricts the maximum number of MACs that can be learnt on the interface. Sticky MAC is a port security feature that dynamically learns MAC addresses on an interface and retains the MAC information in case the Mobility Access Switch reboots. once the limit has been reached, additional devices cannot connect to the port.
In this manner, only the devices that are constantly sending frames remain in the CAM table and the devices that are not sending any frames will eventually be removed from the table.Sticky MAC with MAC limit prevents Layer 2 attacks like DoS attacks, Ethernet switching table overflow attacks, and DHCP starvation attacks by limiting the MAC addresses allowed while still allowing the interface to dynamically learn a specified number of MAC addresses. If any device is not sending the frames, once the timer is expired, it removes the MAC address of that device from the CAM table. It keeps the MAC addresses of only those devices that are constantly sending the frames. Aging resolves this issue by automatically removing the old entries from the CAM table. Once the CAM table is full, the switch has no place to store any new addresses. This timer is used to age out old entries from the CAM table, allowing room to store new entries. The switch assigns a separate timer to each entry of the CAM table. If the switch finds an entry for the source MAC address, it updates that entry and resets the timer of that specific entry.
An entry contains three pieces of information the source MAC address, the port or interface on which the frame arrived, and the time when the frame arrived. If the switch does not find an entry for the source MAC address, it creates a new entry for this MAC address.
0 kommentar(er)
