[c-nsp] protecting router MAC addresses

Dale W. Carder dwcarder at doit.wisc.edu
Wed Oct 13 21:28:20 EDT 2004


On Oct 13, 2004, at 7:56 AM, lee.e.rian at census.gov wrote:
> what happens if we have a malicious user intentionally spoofing
> the HSRP MAC

The "good news" is that HSRP will generate syslog messages when
someone else is using its IP address.  It will also generate this
log if there is a network loop and an HSRP router hears its own
messages.

Stealing the MAC address of the router is a known problem of Ethernet
networks.  A good article to read about this is:
http://www-106.ibm.com/developerworks/library/s-sniff.html

One solution would be to put MAC address ACLs on edge ports, if you
have that capability.  Or you could put static MAC address entries on
your access switches.

Dale

-----------------------------------
Dale W. Carder
Network Engineer
University of Wisconsin at Madison
http://net.doit.wisc.edu/~dwcarder
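
A check that complements the edge-port controls suggested above, as an added example that is not part of the original post: it scans a switch MAC address table for a router MAC learned on a port other than the uplink. The sample table, the port names and the function names are constructed for illustration; the only protocol fact assumed is that HSRP version 1 virtual MACs have the form 0000.0c07.acXX.

```python
import re

# HSRP version 1 virtual MACs are 0000.0c07.acXX (XX = group number in hex).
HSRP_V1_PREFIX = "0000.0c07.ac"

# Constructed sample in the general layout of a switch MAC address table;
# the real column layout varies by platform and software version.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0000.0c07.ac0a    DYNAMIC     Gi0/1
  10    0011.2233.4455    DYNAMIC     Fa0/7
  20    0000.0c07.ac14    DYNAMIC     Fa0/12
  20    00aa.bbcc.ddee    DYNAMIC     Gi0/1
  30    0000.0c07.ac1e    STATIC      Gi0/1
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append((int(vlan), mac.lower(), kind.upper(), port))
    return rows

def misplaced_router_macs(text, uplinks, extra_router_macs=()):
    """List entries where a router MAC sits on a port that is not an uplink.

    uplinks: ports facing the routers (hypothetical names in the sample).
    extra_router_macs: burned-in router MACs to protect besides HSRP v1 MACs.
    """
    protected = {m.lower() for m in extra_router_macs}
    findings = []
    for vlan, mac, kind, port in parse_mac_table(text):
        is_router = mac.startswith(HSRP_V1_PREFIX) or mac in protected
        if is_router and port not in uplinks:
            findings.append({"vlan": vlan, "mac": mac, "type": kind, "port": port})
    return findings

if __name__ == "__main__":
    for f in misplaced_router_macs(SAMPLE_TABLE, uplinks={"Gi0/1"}):
        print("router MAC %(mac)s learned on edge port %(port)s (vlan %(vlan)d)" % f)
```
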


