Prevent MAC Flooding on Dell N2048 Switch

Written by Marc-Andre

MAC flooding (also known as CAM table overflow) is a layer two attack. A malicious user on one port floods the switch with thousands of fake MAC addresses until the CAM table overflows. When that happens, the switch falls back to broadcasting every frame that enters one port out of every other port, making it possible for the malicious user to capture the conversations taking place on the other ports.

To prevent this attack, limit the number of MAC addresses allowed on each access port. Here’s how to do it on a Dell N2048 switch:

1. Enable switchport security globally
console(config)#switchport port-security

2. Specify the maximum number of MAC addresses on each access port
console(config)#interface range gi1/0/1-48
console(config-if)#switchport port-security dynamic 50

3. Set the behavior of the port for when it receives more than the maximum number of MAC addresses. The choice is between dropping the frames from the extra MAC addresses (called protect) or shutting down the port. This one really depends on your personal preference. I find that shutting down the port makes troubleshooting easier, but it does require you to be on call and ready to reactivate the port manually. Protect is the default violation mode.
console(config-if)#switchport port-security violation {protect | shutdown}

4. Activate the security on the ports themselves
console(config-if)#switchport port-security
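Once the four steps are in place, it is worth checking that no access port was missed. The following Python script is an added example (not part of the original post or any Dell tool): it reads a saved `show running-config` and reports ports that lack the per-port enable or the dynamic MAC limit. The configuration text is constructed, and the layout assumed (each `interface` block closed by `exit`, the global enable as a bare line outside any block) is an assumption about the N-series config format.

```python
import re

# Constructed sample running-config excerpt, not a capture from a real switch.
SAMPLE_CONFIG = """\
switchport port-security
interface gigabitethernet1/0/1
switchport port-security
switchport port-security dynamic 50
switchport port-security violation shutdown
exit
interface gigabitethernet1/0/2
switchport port-security dynamic 50
exit
interface gigabitethernet1/0/3
switchport port-security
exit
"""

DYNAMIC_RE = re.compile(r"^switchport port-security dynamic (\d+)$")

def audit_port_security(config_text, max_dynamic=50):
    """Return (global_enabled, {interface: [findings]}) for ports missing a step.
    Assumption: Dell N-series running-config layout, where each `interface` block
    ends with `exit` and a bare `switchport port-security` line outside any block
    is the global enable (step 1 of the post)."""
    global_enabled, findings, current = False, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            state = {"enabled": False, "dynamic": None}
        elif current is None:
            # Outside any interface block: only the global enable matters here.
            global_enabled |= (line == "switchport port-security")
        elif line == "exit":
            problems = []
            if state["dynamic"] is None:
                problems.append("no dynamic MAC limit (step 2)")
            elif state["dynamic"] > max_dynamic:
                problems.append(f"limit {state['dynamic']} above {max_dynamic} (step 2)")
            if not state["enabled"]:
                problems.append("port-security not enabled on port (step 4)")
            if problems:
                findings[current] = problems
            current = None
        elif line == "switchport port-security":
            state["enabled"] = True
        elif (m := DYNAMIC_RE.match(line)):
            state["dynamic"] = int(m.group(1))
    return global_enabled, findings
```

Run it against the sample and interface 1 passes, while 1/0/2 is flagged for the missing per-port enable and 1/0/3 for the missing limit.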

To learn more about those commands, check out the Dell CLI Reference Guide.

About the expert


I'm currently certified as a Cisco Certified Network Professional (CCNP) with a background as a system administrator. If you're in Montreal, send me an email. I'll be happy be to chat with you in person. Else, you can always find me in the forum.
