
CCNP Security Secure 642-637 Quick Reference: Cisco Layer 2 Security

Chapter Description

The availability of dedicated Layer 2 attack tools makes it necessary to defend against these attacks by implementing the Layer 2 security features that Cisco IOS Software offers. This chapter describes the main types of Layer 2 attacks and how to defend against them.

MAC Spoofing

MAC spoofing attacks are launched by hosts that are already connected to the Layer 2 network. The attacker sends frames that carry, or claim, a MAC address other than its own so that the switch or the other hosts associate that address with the attacker, which is then positioned for a man-in-the-middle (MITM) attack. In one common variant, the attacker impersonates the default gateway: it sends gratuitous ARP replies that bind the gateway's IP address to the attacker's MAC address, so that users update their ARP caches and send their outbound traffic to the attacker rather than to the real gateway. The attacker then forwards the traffic to the real default gateway. On a fast enough host the relaying adds so little delay that victims notice no change in their network access. Strictly speaking, this variant is ARP spoofing (ARP cache poisoning): the attacker's frames carry its own source MAC address, and what is forged is the IP-to-MAC binding inside the ARP payload. Tools available for download from the Internet, such as Ettercap, automate the whole procedure, and preventing such attacks is difficult because the forged frames are syntactically valid Ethernet and ARP traffic that a switch forwards by design.

One way to mitigate this threat is Port Security, which limits the MAC addresses a switch accepts as frame sources on an access port. For this to work against spoofing, the maximum MAC address setting must be 1, ideally with that one address learned as a sticky address or configured statically, so that a host cannot also source frames from the gateway's MAC address on its port. Note the limit of this control: it does not stop a connected attacker from sending ARP replies under its own MAC address that claim the gateway's IP address, because Port Security never looks inside the ARP payload; catching that requires a feature that validates ARP bindings, such as Dynamic ARP Inspection. A maximum of 1 also carries an operational cost: any port that legitimately sees a second address (a phone with a PC behind it, a hypervisor, a user who swaps a laptop) triggers a violation, and the resulting support headache can be greater than the risk of this type of attack occurring.
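The Port Security configuration described above, written out as an added example; it is not part of the original quick reference. The interface name GigabitEthernet0/1, the access VLAN, the restrict violation mode and the err-disable recovery interval are assumptions chosen for illustration. Sticky learning records the first MAC address seen on the port into the running configuration, so from then on only that host's frames are accepted on the port.

```cisco
! Added example, not from the original page: lock an access port to a
! single learned MAC address. Interface name, VLAN, violation mode and
! recovery timer are assumptions chosen for illustration.
interface GigabitEthernet0/1
 description User access port
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! If the default violation mode (shutdown) is used instead of restrict,
! let err-disabled ports recover on their own after 300 seconds rather
! than requiring a manual shutdown / no shutdown on the interface.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification (privileged EXEC): confirm the maximum of 1, the sticky
! address that was learned, and whether the violation counter is rising.
! Switch# show port-security interface GigabitEthernet0/1
! Switch# show port-security address
! Switch# show mac address-table interface GigabitEthernet0/1
```

The violation mode decides what happens when a second source MAC address appears: protect silently drops the offending frames, restrict drops them and also increments the violation counter and logs a syslog message and SNMP trap, and shutdown (the default) places the port in err-disabled state. Restrict is usually the better choice during rollout because it makes the violations visible without taking users offline, which is exactly the support cost the text warns about.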