Switched Network Sniffing 229

root@switch# set interface { | all } allowed-mac

Set the allowed MAC address(es) allowed to connect to the interface

Netgear Mitigation

Listing 9.3 shows configuration of a Netgear device.

Listing 9.3: Netgear options

(Config)# interface

!Enter the interface configuration mode for !

(Interface )# port-security

!Enables port-security on the interface!

(Interface )# port-security max-dynamic

!Sets the maximum of dynamically locked MAC addresses allowed on a specific
port!

(Interface )# port-security max-static

!Sets the maximum number of statically locked MAC addresses allowed on a
specific port!

(Interface )# port-security mac-address

!Adds a MAC address to the list of statically locked MAC addresses. =
VLAN ID!

(Interface )# port-security mac-address move

!Converts dynamically locked MAC addresses to statically locked addresses!

(Interface )# snmp-server enable traps violation

!Enables the sending of new violation traps designating when a packet with
a disallowed MAC address is received on a locked port!

The examples here come from official documentation from each of the

vendors mentioned. Since each vendor has multiple models, the actual

code will change on a model-by-model basis. Before using these exact

steps, check your documentation.