Enterasys D-Series

Enterasys D-Series

540 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Configuring MAC Locking

Enterasys D-Series CLI Reference 17-51

Configuring MAC Locking

ThisfeaturelocksaMACaddresstooneormoreports,preventingconnectionofunauthorized

devicesthroughtheport(s).WhensourceMACaddressesarereceivedonspecifiedports,the

switchdiscardsallsubsequentframes notcontainingtheconfiguredsourceaddresses.Theonly

framesforwardedona“locked”portarethosewith

the“locked”MACaddress(es)forthatport.

TherearetwomethodsoflockingaMACtoaport:firstarrivalandstatic.Thefirstarrivalmethod

isdefinedtobelockingthefirstnnumberofMACswhicharriveonaportconfiguredwithMAC

lockingenabled.Thevaluenis

configuredwiththesetmaclockfirstarrivalcommand.

ThestaticmethodisdefinedtobestaticallyprovisioningaMAC‐portlockusingthesetmaclock

command.ThemaximumnumberofstaticMACaddressesallowedforMAClockingonaport

canbeconfiguredwiththesetmaclockstaticcommand.

Youcanconfigure

theswitchtoissueaviolationtrapifapacketarriveswithasourceMAC

addressdifferentfromanyofthecurrentlylockedMACaddressesforthatport.

MACsareunlockedasaresultof:

•Alinkdownevent

•WhenMAClock ing isdisabledonaport

•WhenaMACisaged

outoftheforwardingdatabasewhenFirstArrivalagingisenabled

Whenproperlyconfigured,MAClockingisanexcellentsecuritytoolasitpreventsMACspoofing

onconfiguredports.AlsoifaMACweretobesecuredbysomethinglikeDragonDynamic

IntrusionDetection,MAClockingwouldmakeitmoredifficultfor

ahackertosendpacketsinto

thenetworkbecausethehackerwouldhavetochangetheirMACaddressandmovetoanother

port.Inthemeantimethesystemadministratorwouldbereceivingamaclocktrapnotification.

Purpose

Toreview,disable,enable,andconfigureMAClocking.

Commands

For information about... Refer to page...

show maclock 17-52

show maclock stations 17-53

set maclock enable 17-54

set maclock disable 17-55

set maclock 17-55

clear maclock 17-56

set maclock static 17-57

clear maclock static 17-57

set maclock firstarrival 17-58

clear maclock firstarrival 17-59

set maclock agefirstarrival 17-59

clear maclock agefirstarrival 17-60

Table of Contents

Related product manuals

Preview: Enterasys C3G124-24

Enterasys C3G124-24

Enterasys B5K125-48

Preview: Enterasys B5G124-24

Enterasys B5G124-24

Enterasys 08G20G4-48

Preview: Enterasys 08H20G4-24

Enterasys 08H20G4-24

Preview: Enterasys B5G124-24P2

Enterasys B5G124-24P2

Enterasys B5K125-48P2

Preview: Enterasys SecureStack C2

Enterasys SecureStack C2

Preview: Enterasys Matrix 2G4072-52

Enterasys Matrix 2G4072-52

Preview: Enterasys Matrix-V V2H124-24

Enterasys Matrix-V V2H124-24

Preview: SecureStack B3 B3G124-48

SecureStack B3 B3G124-48

Preview: SecureStack B3 B3G124-24P

SecureStack B3 B3G124-24P