To Next Page

To Previous Page

Configuring MAC Locking

20-46 Security Configuration

Configuring MAC Locking

ThisfeaturelocksaMACaddresstooneormoreports,preventingconnectionofunauthorized

devicesthroughtheport(s).WhensourceMACaddressesarereceivedonspecifiedports,the

switchdiscardsallsubsequentframes notcontainingtheconfiguredsourceaddresses.Theonly

framesforwardedona“locked”portarethosewith

the“locked”MACaddress(es)forthatport.

TherearetwomethodsoflockingaMACtoaport:firstarrivalandstatic.Thefirstarrivalmethod

isdefinedtobelockingthefirstnnumberofMACswhicharriveonaportconfiguredwithMAC

lockingenabled.Thevaluenis

configuredwiththesetmaclockfirstarrivalcommand.

ThestaticmethodisdefinedtobestaticallyprovisioningaMAC‐portlockusingthesetmaclock

command.ThemaximumnumberofstaticMACaddressesallowedforMAClockingonaport

canbeconfiguredwiththesetmaclockstaticcommand.

Youcanconfigure

theswitchtoissueaviolationtrapifapacketarriveswithasourceMAC

addressdifferentfromanyofthecurrentlylockedMACaddressesforthatport.

MACsareunlockedasaresultof:

•Alinkdownevent

•WhenMAClock ingisdisabledonaport

•WhenaMACisaged

outoftheforwardingdatabasewhenFirstArrivalagingisenabled

Whenproperlyconfigured,MAClockingisanexcellentsecuritytoolasitpreventsMACspoofing

onconfiguredports.AlsoifaMACweretobesecuredbysomethinglikeDragonDynamic

IntrusionDetection,MAClockingwouldmakeitmoredifficultfor

ahackertosendpacketsinto

thenetworkbecausethehackerwouldhavetochangetheirMACaddressandmovetoanother

port.Inthemeantimethesystemadministratorwouldbereceivingamaclocktrapnotification.

Purpose

Toreview,disable,enable,andconfigureMAClocking.

Commands

administrative

egress

Port status as assigned by the set vlanauthorization egress command

operational egress If authentication has succeeded, displays the VLAN id assigned for egress.

vlan id If authentication has succeeded, displays the assigned VLAN id for ingress.

Table 20-5 show vlanauthorization Output Details (Continued)

Output What It Displays...

For information about... Refer to page...

show maclock 20-47

show maclock stations 20-48

set maclock enable 20-49

set maclock disable 20-50

set maclock 20-50

Brand	Enterasys
Model	SecureStack B3
Category	Switch
Language	English

Enterasys SecureStack B3 User Manual

Table of Contents

Questions and Answers:

Enterasys SecureStack B3 Specifications

Related product manuals