MAC Locking
Fixed Switch Configuration Guide 26-9
• If a connected end station exceeds the maximum values configured with the set maclock
firstarrival and set maclock static commands (a violation).
When “send-on-violation” is enabled, this feature authorizes the switch to send an SNMP trap
message if an end station is connected that exceeds the maximum values configured using the set
maclock firstarrival and set maclock static commands. Violating MAC addresses are dropped
from the device’s (or stack’s) filtering database.
When “send-on-threshold” is enabled, the agent issues a trap when the MAC address table
threshold, as defined in the etsysMACLockingFirstArrivalStationsAllocated object, is reached.
Use the set maclock syslog command to set the status of MAC locking syslog messages. Syslog
messages are disabled by default. You can specify that a syslog message should be set:
• When the MAC address table threshold is reached, or
• If a connected end station exceeds the maximum values configured with the set maclock
firstarrival and set maclock static commands (a violation).
When “send-on-violation” is enabled, this feature authorizes the switch to send a syslog message
if an end station is connected that exceeds the maximum values configured using the set maclock
firstarrival and set maclock static commands. Violating MAC addresses are dropped from the
device’s (or stack’s) filtering database.
When “send-on-threshold” is enabled, the agent issues a syslog message when the MAC address
table threshold, as defined in the etsysMACLockingFirstArrivalStationsAllocated object, is
reached.
Disabling and Enabling Ports
Use the set maclock disable-port command to enable MAC locking threshold shutdown
(corresponds to etsMACLockingThresholdShutdown) on one or more ports. By default, this
threshold shutdown is disabled on all ports. When threshold shutdown is enabled, the agent
attempts to disable a port (operstatus down) when the MAC address table threshold, as defined in
etsysMACLockingFirstArrival Stations-Allocated object, is exceeded.
Use the clear maclock disable-port command to clear MAC locking threshold shutdown to the
default condition of disabled.
Use the clear maclock violation disabled-port command to clear ports disabled due to a MAC
lock violation (corresponds to etsMACLockingShutdownState). This command will clear the
operstatus down caused by a MAC lock disable-port threshold and clear the port’s
etsMacLockingShutdownState.
MAC Locking Defaults
Table 26-6 MAC Locking Defaults
Parameter Description Default Value
MAC locking state Specifies whether MAC locking is enabled
or disabled, both globally and on specific
ports.
Disabled globally and on ports
Maximum number of
dynamic MAC addresses
Specifies the maximum number of MAC
addresses that will be locked on a port
configured for dynamic MAC locking.
600
Maximum number of
static MAC addresses
Specifies the maximum number of static
MAC addresses allowed on a port.
20
To Next Page
Loading...
