What are two methods of mitigating MAC address flooding attacks?

What are two methods of mitigating MAC address flooding attacks? (Choose two.)

A. Place unused ports in a common VLAN.

B. Implement private VLANs.

C. Implement DHCP snooping.

D. Implement port security.

E. Implement VLAN access maps.

Explanation:
You can use the port security feature to limit and identify the MAC addresses of the stations
allowed to access the port. This restricts input to an interface. When you assign secure MAC
addresses to a secure port, the port does not forward packets with source addresses outside
the group of defined addresses. If you limit the number of secure MAC addresses to one and
assign a single secure MAC address, the workstation attached to that port is assured the full
bandwidth of the port.

If a port is configured as a secure port and the maximum number of secure MAC addresses has
been reached, a security violation occurs when a station whose MAC address differs from all
of the identified secure MAC addresses attempts to access the port. A violation is also
flagged if a station with a secure MAC address configured or learned on one secure port
attempts to access another secure port. By default, the port shuts down when the maximum
number of secure MAC addresses is exceeded.

A VLAN access map can match frames by MAC address and, in combination with a VLAN filter,
can be used to mitigate MAC flooding attacks.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00807c4101.shtml#portsecurity
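
The port-security rules described in the explanation, modelled as an added Python example (not from the original page and not Cisco code). The class, method and port names are hypothetical, and all MAC addresses are constructed sample data.

```python
# Added illustration, not Cisco IOS code: class, method and port names are
# hypothetical and every MAC address below is constructed sample data.

class SecureSwitch:
    def __init__(self):
        self.ports = {}  # port name -> {"max", "secure", "shutdown"}

    def add_secure_port(self, name, maximum=1, static=()):
        self.ports[name] = {"max": maximum, "secure": set(static), "shutdown": False}

    def _owner(self, mac):
        """Return the secure port that already holds this MAC, or None."""
        for name, port in self.ports.items():
            if mac in port["secure"]:
                return name
        return None

    def receive(self, port_name, src_mac):
        """Classify one ingress frame as 'forward', 'violation' or 'dropped'."""
        port = self.ports[port_name]
        if port["shutdown"]:
            return "dropped"              # port is already shut down
        if src_mac in port["secure"]:
            return "forward"              # known secure address
        secured_elsewhere = self._owner(src_mac) is not None
        table_full = len(port["secure"]) >= port["max"]
        if secured_elsewhere or table_full:
            port["shutdown"] = True       # default violation action: shut the port
            return "violation"
        port["secure"].add(src_mac)       # learn dynamically, up to the maximum
        return "forward"

def flood_demo(distinct_macs=100, maximum=2):
    """Send many distinct source MACs into one secure port."""
    sw = SecureSwitch()
    sw.add_secure_port("Gi0/1", maximum=maximum)
    frames = ["02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF) for i in range(distinct_macs)]
    results = [sw.receive("Gi0/1", mac) for mac in frames]
    return results, len(sw.ports["Gi0/1"]["secure"])

def moved_station_demo():
    """A MAC secured on one port then appears on another secure port."""
    sw = SecureSwitch()
    sw.add_secure_port("Gi0/1", maximum=1, static=["00:00:5e:00:53:01"])
    sw.add_secure_port("Gi0/2", maximum=2)
    return sw.receive("Gi0/2", "00:00:5e:00:53:01")

if __name__ == "__main__":
    print(flood_demo()[0][:4], moved_station_demo())
```

The learned-address count stays at the configured maximum however many source addresses arrive, which is what keeps a flood from filling the switch's MAC address table.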


