Cisco Systems, Inc.
MAC address theft detection in a distributed link layer switched network based on trust level comparison

Abstract:

In one embodiment, a method comprises determining, by a link layer switch within a distributed link layer switched data network, a trust metric for a media access control (MAC) address used by a network device on a link layer connection provided by the link layer switch; receiving, by the link layer switch, a query originated by a second link layer switch in the distributed link layer switched data network, the query specifying the MAC address and a corresponding specified trust metric; and responding to the query, by the link layer switch, based on determining whether the specified trust metric indicates a higher trust level than the corresponding trust metric for the MAC address used by the network device on the link layer connection.