MAC Locking
26-10 Configuring Security Features
MAC Locking Configuration
Procedure 26-3 lists the commands used to configure MAC locking on the Fixed Switch platforms.
Refer to the CLI Reference for your platform for details about using the commands listed.
First arrival MAC
address aging
Specifies that dynamic MAC locked
addresses will be aged out of the database.
Disabled
MAC lock traps Specifies whether SNMP traps associated
with MAC locking will be sent.
Disabled
MAC lock Syslog
messages
Specifies whether Syslog messages
associated with MAC locking will be sent.
Disabled
Clear on link change Specifies whether First Arrival MAC
addresses will be dropped or maintained
on a loss of link.
Enabled (dynamic MAC
addresses are dropped on loss of
link)
MAC lock threshold
shutdown
Specifies whether a port is disabled
(operstatus down) when the MAC address
table threshold, as defined in
etsysMACLockingFirstArrival
Stations-Allocated object, is exceeded.
Disabled
Table 26-6 MAC Locking Defaults (continued)
Parameter Description Default Value
Procedure 26-3 MAC Locking Configuration
Step Task Command(s)
1. Globally enable MAC locking. set maclock enable
2. Enable MAC locking on ports. set maclock enable port-string
3. Optionally, create static MAC address-to-port
locking entries. The MAC locking entry is
automatically enabled when you create the
entry.
Use the clear maclock command to remove a
static locking entry.
set maclock mac-address port-string
create
clear maclock mac-address
port-string
4. Optionally, disable or enable a static locking
entry.
set maclock mac-address port-string
enable | disable
5. Optionally, set the maximum number of static
MAC addresses allowed per port.
Use the clear maclock static command to
return to the default of 20.
set maclock static port-string value
clear maclock static port-string
6. Optionally, restrict MAC locking on a port to a
maximum number of end station addresses first
connected to that port.
Use the clear maclock firstarrival command to
reset the number of first arrival MAC addresses
allowed per port to the default value of 600.
set maclock firstarrival port-string
value
clear maclock firstarrival
port-string
To Next Page
Loading...
Need help?
General