Port security

from Wikipedia, the free encyclopedia

Port security is a security feature of Ethernet switches that makes it possible to permanently bind each interface of a switch to a MAC address (or a list of MAC or hardware addresses) so that communication over that interface is allowed only from those addresses. For this purpose, the switch checks the source MAC address in each frame (e.g. an ARP or DHCP request) each time the port (link) is established, before user data is transmitted. If the MAC address has changed, for example due to MAC spoofing or a network card replacement, the switch administratively sets the port status to Down (port block) so that no further communication takes place until the port is administratively switched to Up again.

To reduce the configuration effort in large networks, a so-called learning mode can be activated on the switch, for instance when a MAC address has changed. While this mode is active, the switch saves all MAC addresses recognized on the relevant port as permitted, i.e. it adds them to the list of authorized MAC addresses.

In modern networks, port security is sometimes no longer stored on the switch (i.e. "sticky": the MAC address sticks to the port) but on a RADIUS server, and is administered there using IEEE 802.1X authentication. The advantage is that a MAC address can be globally authorized and administered within a LAN / VLAN or even an entire VLAN group.

Problem cases

Some network card types forget, mutilate or irregularly swap the MAC address that they send in the Ethernet frame, thereby triggering a port block. The exact opposite, namely the forwarding of all packets to all ports and the bypassing of port security, can be caused by so-called MAC flooding. Here the port or switch is flooded with different MAC addresses until it automatically goes into fail-open mode; during this time it works like a hub and forwards all packets to all ports. This can be exploited by an attacker connected to a port to eavesdrop on the data traffic of all computer systems connected to the switch. However, current switches are able to detect this attack and shut down the port within a very short time. For further security, a manual port lock, which can be set on newer switches, is also used.
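To make the behaviour described in the preceding sections concrete (the per-port MAC binding and sticky learning mode above, and the MAC-flooding detection and port shutdown in this section), here is an added Python model of a single secure switch port. It is example code written for this page, not code from the article or from any switch vendor's firmware. The class names, the `flood_limit`/`window` parameters and the MAC addresses fed in are all constructed assumptions; the flooding guard (disable the port once more than `flood_limit` distinct source addresses are seen within the last `window` frames) is a simplified stand-in for the vendor-specific detection that real switches implement.

```python
from collections import deque


class SecurePort:
    """Port-security state machine for one switch interface (constructed model).

    - static addresses are bound by the administrator (bind())
    - with sticky=True the port learns addresses it sees, up to max_addresses
    - an unknown address beyond the limit is a violation: the port is err-disabled
    - flood_limit, if set, err-disables the port when too many distinct source
      MACs appear within the last `window` frames (models anti-MAC-flooding)
    """

    def __init__(self, max_addresses=1, sticky=True, flood_limit=None, window=100):
        self.max_addresses = max_addresses   # None = no limit on bound addresses
        self.sticky = sticky
        self.flood_limit = flood_limit
        self.static = set()                  # administratively bound MACs
        self.learned = set()                 # sticky-learned MACs
        self.state = "up"                    # "up" or "err-disabled"
        self.reason = None                   # why the port was disabled
        self.violations = 0
        self.recent = deque(maxlen=window)   # source MACs of the last `window` frames

    def bind(self, mac):
        """Administratively bind a MAC address to this port."""
        self.static.add(mac.lower())

    def permitted(self):
        return self.static | self.learned

    def receive(self, src_mac):
        """Process one ingress frame; return 'forward' or 'drop'."""
        mac = src_mac.lower()
        if self.state != "up":
            return "drop"                    # port is blocked until admin_up()

        # Anti-flooding guard: count distinct source addresses in the window.
        if self.flood_limit is not None:
            self.recent.append(mac)
            if len(set(self.recent)) > self.flood_limit:
                self.state, self.reason = "err-disabled", "mac-flooding"
                return "drop"

        if mac in self.permitted():
            return "forward"

        # Learning mode: accept and remember the address while under the limit.
        under_limit = self.max_addresses is None or len(self.permitted()) < self.max_addresses
        if self.sticky and under_limit:
            self.learned.add(mac)
            return "forward"

        # Security violation: a different MAC showed up on a bound port.
        self.violations += 1
        self.state, self.reason = "err-disabled", "violation"
        return "drop"

    def admin_up(self):
        """Administrator re-enables the port; bound addresses are kept."""
        self.state, self.reason = "up", None
        self.recent.clear()


def simulate(port, frames):
    """Feed a sequence of source MACs through a port; return the decisions."""
    return [port.receive(mac) for mac in frames]


if __name__ == "__main__":
    # Access port, one sticky address: the first host is learned, a second is a violation.
    p = SecurePort(max_addresses=1, sticky=True)
    print(simulate(p, ["00:11:22:33:44:55", "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF"]))
    print(p.state, p.reason, sorted(p.learned))

    # Uplink-style port with no address limit but a flooding guard (constructed MACs).
    q = SecurePort(max_addresses=None, sticky=True, flood_limit=20, window=100)
    decisions = simulate(q, [f"02:00:00:00:00:{i:02x}" for i in range(21)])
    print(decisions.count("forward"), decisions.count("drop"), q.state, q.reason)
```

In the first scenario the port learns the first address and then shuts down on the second, which is the "port block" the article describes; `admin_up()` models the administrator bringing the port back Up with the learned binding intact. In the second scenario the bound-address limit alone would never trip, which is exactly why a separate distinct-address guard is needed on such ports.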
