8021Qci

IEEE 802.1Qci is an amendment to the IEEE 802.1Q family that introduces a MAC security mechanism based on per-port ingress filtering. The purpose is to prevent unauthorized or spoofed MAC addresses from entering a bridged network, thereby reducing the risk of MAC spoofing and MAC address table flooding in access networks and other bridged topologies.

The core concept is per-port MAC address validation. Each switch port maintains a set of allowed source

802.1Qci is designed to operate independently of higher-layer authentication methods and commonly complements existing security controls

In deployment, hardware and firmware implement the ingress filtering function as part of the bridge or switch’s