You can use the following Cisco port security feature to defend against MAC attacks.
Examples
switchport port-security
Enables port security on the interface.- switchport port-security maximum 1
Configures the maximum number of secure MAC addresses for the port switchport port-security maximum 1 vlan access
Sets the maximum number of secure MAC addresses for the interface. The range is 1 to 3072. The default is 1.switchport port-security violation restrict
Sets the violation mode, the action to be taken when a security violation {restrict | shutdown} is detected.switchport port-security aging time 2
Sets the aging time for the secure port.switchport port-security aging type inactivity
The type keyword sets the aging type as absolute or inactive.snmp-server enable traps port-security trap-rate 5
Controls the rate at which SNMP traps are generated.switchport port-security mac-address sticky
Adds all secure MAC addresses that are dynamically learned to the running configuration- Cisco OS Global Commands:
ip dhcp snooping vlan 4,104
Enable or disable DHCP snooping on one or more VLANs.no ip dhcp snooping information option
To disable the insertion and the removal of the option-82 field, use the no IP dhcp snooping information option in global configuration command. To configure an aggregation, switch to drop incoming DHCP snooping packets with option-82 information from an edge switch, use the no IP dhcp snooping information option allow-untrusted global configuration command.ip dhcp snooping
Enable DHCP snooping option globally.
These commands are presented in module 2 “Sniffing”.