How mitigate mac spoofing in mab
aland at deployingradius.com
Thu Feb 7 21:12:46 CET 2019
On Feb 7, 2019, at 3:10 PM, Carlos Bordon <cgermanb at live.com.ar> wrote:
> Hi! i have a problem with this vulnerability, i need mitigate it.
> I have ine server with freeradius, other with dhcp and they are connect to cisco 6800 swicht. We aunthenticate the endpoint with mab, because we cant use 802.1x. the problem that i want to resolve is to mitigate mac spoofing on layer two.
> For us is the same mitigate the problem on the radius or the swicht config.
> Do you guys know any idea?
The MAC address can always be spoofed on the client machine.
If you can't use 802.1X, then you need to track known MAC addresses. And if a MAC is online, disallow the same MAC from getting on the network again.
There's really very little you can do with unsecured and unsafe network protocols.
More information about the Freeradius-Users