Mitigating MAC flooding attacks using port security techniques

Authors

  • Shehu Ibrahim Gajo Department of Computer Engineering Technology, Katsina State Institute of Technology and Management, Katsina

Keywords:

MAC Flooding Attacks, Port Security, Local Area Network, MAC address limiting, Packet tracer

Abstract

In today's interconnected digital landscape, network security is paramount, particularly for Local Area Networks (LANs) that are increasingly vulnerable to MAC flooding attacks. These attacks exploit vulnerabilities in network switches, compromising network integrity and privacy. This study aims to explore the effectiveness of port security mechanisms in mitigating MAC flooding threats through a practical simulation using Packet Tracer. The simulation setup includes a switch, two authorized computers, and one unauthorized computer, with a strict limit of one MAC address allowed per port. Shutdown violation is set whenever the switch port learn more than 1 MAC address to avoid MAC flooding. The findings reveal that the implementation of MAC address limiting effectively prevents the learning of additional MAC addresses, thereby safeguarding the network from potential flooding attacks. When the maximum MAC address limit is reached, the port is shutdown as set in the violation mode. This research underscores the critical importance of proactive security measures in maintaining network integrity and provides valuable insights for network administrators seeking to enhance their security protocols. 

Dimensions

[1] M. Sandhya, ‘‘Empirical investigations on the security and threat mitigation of campus switches’’, 2023 International Conference on Computer Communication and Informatics (ICCCI), Coimbatore, India: IEEE, Jan. 2023, pp. 1–8. [Online]. http://dx.doi.org/10.1109/ICCCI56745.2023.10128280.

[2] Y. Tzang, H. Chang & C. Tzang, ‘‘Enhancing the performance and security against media-access-control table overflow vulnerability attacks’’, Security Comm. Networks 8 (2015) 1780 https://doi.org/10.1002/sec.1142.

[3] A. ElShafee & W. El-Shafai, ‘‘Design and analysis of data link impersonation attack for wired LAN application layer services’’, J Ambient Intell Human Comput 14 (2023) 13465. https://doi.org/10.1007/s12652-022-03800-5.

[4] CISCO press, ‘‘Cisco networking academy’s introduction to basic switching concepts and configuration’’, in Routing and switching essentials companion guide, Cisco Press, 2014. [Online]. https://www.ciscopress.com/articles/article.asp?p=2181836&seqNum=7.

[5] T. A. A. Sandi, F. Firmansyah, S. Dewi, E. K. Pratama & R. D. Astuti, ‘‘Comparison of port security switch layer 2 mac address dynamic with mac address static sticky’’, J. inspir. 12 (2022) 65. https://doi.org/10.35585/inspir.v12i2.8.

[6] N. Juniper, ‘‘Configuring MAC limiting’’. [Online]. Accessed: Jul. 08, 2023. https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/topic-map/configuring-mac-limiting.html.

[7] F. Semperboni, ‘‘Protecting against MAC flooding attack’’, Cisco-Zine. [Online]. Accessed: Jul. 08, 2023. https://www.ciscozine.com/protecting-against-mac-flooding-attack/.

[8] Cisco, ‘‘MAC address limiting on service instances and bridge domains’’. [Online]. Accessed: Feb. 01, 2025. https://www.cisco.com/c/en/us/td/docs/ios/cether/configuration/guide/ce_mac-addlmt-bdsin.html.

Published

2025-03-13

How to Cite

Mitigating MAC flooding attacks using port security techniques. (2025). Proceedings of the Nigerian Society of Physical Sciences, 2(1), 162. https://doi.org/10.61298/pnspsc.2025.2.162

Issue

Volume 2, NSPS-FUOYE Conference, Feb. 3 - 6, 2025

Section

Articles
Copyright & Licensing

Copyright (c) 2025 Shehu Ibrahim Gajo (Author)

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Mitigating MAC flooding attacks using port security techniques. (2025). Proceedings of the Nigerian Society of Physical Sciences, 2(1), 162. https://doi.org/10.61298/pnspsc.2025.2.162