Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

IP Spoofing

I know it is very easy to spoof an IP address from the outside of a network. How hard is it to spoof a MAC address or when you spoof the IP address are you spoofing the MAC address as well? I want to set up my 3524 switches to only allow specified MAC addresses through. The logistics are not a problem as we are a smaller company. I want to know would I be wasting my time gathering the MAC addresses and putting them in the switches if the MAC addresses can be as easily spoofed as an IP address.

Cisco Employee

Re: IP Spoofing

MAC addresses can be as easily spoofed as IP, but the MAC address is rewritten for each link, unlike the IP addresses which are preserved end-to-end. So the spoofed MAC is only spoofed for the segment that its injected on, after that the packet is re-written by the networking gear (except for hubs, which are just backbones in a box).

Does this answer your question?


Re: IP Spoofing

I think it does. What your anwswer boils down to is that once the initial MAC address is spoofed it is a moot point because the switch would rewrite the packet with it's own MAC address and pass the packet along anyway therby bypassing any access list set up on the switch to stop unlisted MAC addresses from getting forwarded. Is this correct? If so, is there anyway to effectively stop an unauthorized packet at the switch level?

Cisco Employee

Re: IP Spoofing

Yes, there is a way to do this. On the Catalyst 6XXX series (and I'm pretty sure its on other Cisco

switches like the 2900 series) you are looking for the "set port security ..." feature. I'll be the first to admit that I've never used the functionality, I just know that it exists, so check your documentation. It is supposed to allow you to configure some number of MAC addresses as "secure" or allowed on a port. My understanding is that if you hook up a device or spoof a MAC not on the allowed list for that port, the switch can disable the port. There is also some mode called "restricted" that I haven't a clue about...this stuff wasn't part of the CCNA exam ;-).

Hope this gives you a pointer to what you need...


CreatePlease login to create content