Answer the question
In order to leave comments, you need to log in
Will a layer 2 switch notice the mac address spoof?
There is a corporate network. There is a rack with connected switches. The cables are routed to the cabinets and connected. Let's say that someone disconnected the client cable, crimped and connected the router in order to record the physical address of the client. Then he connected the client to the switch through his router, while setting the physical address of the wan interface to the router the same as that of the client, identification by interface mac addresses was enabled on the switch. So that's the question. Do cheap and budget byte switches check the truth of the mac address? Will the switch notice that the mac address has been spoofed?
Answer the question
In order to leave comments, you need to log in
it is not entirely clear from your words what exactly is the mac-address on the port of the router towards the switch. if other than the client's, the switch will trigger port security for the port, if available and enabled. if mac is the same as that of the client, then the switch will not notice any substitution, since there are no other criteria for determining substitution according to the conditions of your task.
I don't know anything about the existence of the "truth byte".
Forget about the bits in the poppy address, the only thing that should not be there is the least significant bit of the most significant bit (a sign of multicast). Everything else changes at the request of the left heel.
Almost all managed switches have some analogue to the Port Security functionality - a mac address is statically bound to the port, and frames with other mac addresses are discarded (or even the port is extinguished administratively). MAC-IP pairs can also be configured on more advanced ones.
Even the cheapest controllers like D-Link DES-12** can do something similar in one form or another. To change the allowed poppy on the port, in this case, you need to go to the switch control panel, with a password.
More serious protection is 802.1x. But it is not always supported by hardware and software. Yes, and admins too.
A cheap budget switch generally gives a damn about what they stick into it.
More solid ones, like CISCO, will gladly obscure any attempt to put an unfamiliar mac into them in syslog, and the port will be turned off.
But nothing will save you from replacing a cunning poppy user, for any money.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question