badbass Posted January 24, 2014

I did not see anything about this. I can't use my production switch to do this. I want to see if a switch will lock the port if you use MAC changer. I was just going through notes about port security. Sticky is a thing where the switch grabs one MAC address when the device is turned on or plugged in. If another device is plugged in, say a wireless access point, switch, laptop or another device, it locks the port. Some wireless access points let you change the MAC address on them anyway. Easy if you have multiple switches so you don't have to type each MAC address to the desired port. The only thing is the MAC address needs to be known. Bring your own laptop from home or a mini access point so you can use your phone to play games. Use your own settings to get around policies. I will keep trying but Cisco's web site was no help. Interesting at least.
barry99705 Posted January 26, 2014

It will work, but like you said, you have to know the MAC address.
kerpap Posted January 30, 2014

On a Cisco switch, port security should not be configured on a port that an access point is plugged into. Now, if you are running your laptop via RJ45 to the switch and the switch port has port-sec enabled and the max allowed MACs is 1, then yes, the switch port will go into err-disabled mode when you use MAC changer. Also, this is dependent on the violation mode that is set. By default it is shutdown. If restrict or protect, the violating MAC address's packets are dropped and the port won't go into err-disabled. (The difference is restrict sends a log of the violation.) Most of the time though, port sec is set to max-allowed 2 because for some reason, setting it to 1 will send the port to err-disabled from time to time. (Not sure why, it was not mentioned in the CCNA-SECURITY curriculum. I just found it to be true in practice.) With max allowed there is nothing to say which MAC addresses are allowed. So if max is 2 it can be any 2 and those can change. It's max 2 at any given time. With sticky MAC you won't need to enter the allowed MAC addresses as they are dynamically learned. Otherwise the admin would enter the MAC manually. With sticky MAC, if you use MAC changer and the max allowed goes over, then the port will go into its violation state. If sticky MAC is enabled and the max MAC addresses have not been filled, then your spoofed MAC will be added to the list. Port security is really designed to prevent CAM table overflows, which would turn the switch into a hub, thus allowing you to sniff everyone's traffic. If you have a Cisco switch, play around with it. Lots of fun on a Friday/Saturday night!!
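The behaviour kerpap describes (a maximum secure-MAC count, sticky learning, and the shutdown/restrict/protect violation modes) as a small Python model of one port, so the outcomes of a changed MAC can be compared across settings without a lab switch. This is an added example, not Cisco code or anything posted in the thread; the MAC addresses and the log message wording are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """One access port with port-security, modelled on the thread's description."""
    maximum: int = 1                 # max secure MAC addresses allowed on the port
    violation: str = "shutdown"      # "shutdown" (default), "restrict" or "protect"
    sticky: bool = False             # sticky: learned MACs survive a link flap
    allowed: set = field(default_factory=set)
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def receive(self, src_mac: str) -> str:
        """Handle one ingress frame; returns forward, learn, drop or errdisable."""
        if self.err_disabled:
            return "drop"                      # port stays down until an admin recovers it
        if src_mac in self.allowed:
            return "forward"
        if len(self.allowed) < self.maximum:
            self.allowed.add(src_mac)          # below the limit: the new MAC is learned
            return "learn"
        # Limit reached and the source MAC is not a secure address: violation.
        if self.violation == "shutdown":
            self.err_disabled = True
            self.log.append(f"PSECURE violation from {src_mac}: port err-disabled")
            return "errdisable"
        if self.violation == "restrict":       # protect drops silently, restrict also logs
            self.log.append(f"PSECURE violation from {src_mac}: frame dropped")
        return "drop"

    def link_flap(self) -> None:
        """Cable pulled and reinserted: dynamic secure MACs are lost, sticky ones are kept."""
        if not self.sticky:
            self.allowed.clear()


def mac_changer_scenario(mode: str, maximum: int, sticky: bool = True) -> list:
    """Constructed scenario: the laptop's real MAC, then a changed MAC, then the real one."""
    port = SecurePort(maximum=maximum, violation=mode, sticky=sticky)
    real, changed = "00:11:22:33:44:55", "de:ad:be:ef:00:01"   # constructed sample MACs
    return [port.receive(m) for m in (real, changed, real)]


if __name__ == "__main__":
    for mode in ("shutdown", "restrict", "protect"):
        print(f"max 1 / {mode:8}:", mac_changer_scenario(mode, 1))
    print("max 2 / shutdown:", mac_changer_scenario("shutdown", 2))
```

With max 1 and the default shutdown mode the second frame err-disables the port and even the real MAC is dropped afterwards; with max 2 the changed MAC is simply learned as the second secure address, which is the case kerpap describes.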