What are two methods of mitigating MAC address flooding attacks? (Choose two.)
A. Place unused ports in a common VLAN.
B. Implement private VLANs.
C. Implement DHCP snooping.
D. Implement port security.
E. Implement VLAN access maps.
Explanation:
You can use the port security feature to limit and identify MAC addresses of the stations allowed to
access the port. This restricts input to an interface. When you assign secure MAC addresses to a
secure port, the port does not forward packets with source addresses outside the group of defined
addresses. If you limit the number of secure MAC addresses to one and assign a single secure
MAC address, the workstation attached to that port is assured the full bandwidth of the port. If a
port is configured as a secure port and the maximum number of secure MAC addresses is reached,
a security violation occurs when the MAC address of a station that attempts to access the port
differs from all of the identified secure MAC addresses. Also, if a station with a secure
MAC address configured or learned on one secure port attempts to access another secure port, a
violation is flagged. By default, the port shuts down when the maximum number of secure MAC
addresses is exceeded.
A vlan access-map can match frames by MAC address and, in combination with vlan filter, it can
be used to mitigate MAC flooding attacks.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00807c4101.shtml#portsecurity