312-50V13 · Question #146
Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?
The correct answer is A. The switches will drop into hub mode if the ARP cache is successfully flooded.. When a switch's MAC address table is successfully flooded using tools like Macof, the switch often reverts to acting like a network hub by forwarding all unknown unicast traffic out of all ports.
Question
Options
- AThe switches will drop into hub mode if the ARP cache is successfully flooded.
- BIf the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to
- CDepending on the switch manufacturer, the device will either delete every entry in its ARP cache
- DThe switches will route all traffic to the broadcast address created collisions.
How the community answered
(24 responses)- A75% (18)
- B4% (1)
- C13% (3)
- D8% (2)
Why each option
When a switch's MAC address table is successfully flooded using tools like Macof, the switch often reverts to acting like a network hub by forwarding all unknown unicast traffic out of all ports.
Macof floods a switch with random MAC addresses, filling its MAC address table. Once the table is full, the switch can no longer learn new MAC-to-port mappings and will flood subsequent unknown unicast frames out of all ports (except the ingress port), effectively operating as a hub.
'Pix mode' is not a recognized operational mode for a network switch, and MAC flooding makes a switch *more* susceptible to attacks, not less.
While some advanced switches have mitigation techniques, the immediate and primary effect of a successful MAC table flood on typical switches is table overflow and hub-like behavior, not the deletion of all entries.
Switches operate at Layer 2 (MAC addresses) and do not route (Layer 3) traffic; the behavior is flooding unknown unicast frames to all ports, not routing to a broadcast address, and while it can increase network traffic, it's not primarily about creating collisions.
Concept tested: MAC flooding attack and switch behavior
Source: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-series-xl-switches/24362-158.html
Topics
Community Discussion
No community discussion yet for this question.