Enterasys SecureStack C2

Enterasys SecureStack C2

607 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Configuring MAC Locking

18-46 Security Configuration

Configuring MAC Locking

ThisfeaturelocksaMACaddresstooneormoreports,preventingconnectionofunauthorized

devicesthroughtheport(s).WhensourceMACaddressesarereceivedonspecifiedports,the

switchdiscardsallsubsequentframes notcontainingtheconfiguredsourceaddresses.Theonly

framesforwardedona“locked”portarethosewith

the“locked”MACaddress(es)forthatport.

TherearetwomethodsoflockingaMACtoaport:firstarrivalandstatic.Thefirstarrivalmethod

isdefinedtobelockingthefirstnnumberofMACswhicharriveonaportconfiguredwithMAC

lockingenabled.Thevaluenis

configuredwiththesetmaclockfirstarrivalcommand.

ThestaticmethodisdefinedtobestaticallyprovisioningaMAC‐portlockusingthesetmaclock

command.ThemaximumnumberofstaticMACaddressesallowedforMAClockingonaport

canbeconfiguredwiththesetmaclockstaticcommand.

Youcanconfigure

theswitchtoissueaviolationtrapifapacketarriveswithasourceMAC

addressdifferentfromanyofthecurrentlylockedMACaddressesforthatport.

MACsareunlockedasaresultof:

•Alinkdownevent

•WhenMAClock ingisdisabledonaport

•WhenaMACisaged

outoftheforwardingdatabasewhenFirstArrivalagingisenabled

Whenproperlyconfigured,MAClockingisanexcellentsecuritytoolasitpreventsMACspoofing

onconfiguredports.AlsoifaMACweretobesecuredbysomethinglikeDragonDynamic

IntrusionDetection,MAClockingwouldmakeitmoredifficultfor

ahackertosendpacketsinto

thenetworkbecausethehackerwouldhavetochangetheirMACaddressandmovetoanother

port.Inthemeantimethesystemadministratorwouldbereceivingamaclocktrapnotification.

Purpose

Toreview,disable,enable,andconfigureMAClocking.

Commands

administrative

egress

Port status as assigned by the set vlanauthorization egress command

operational egress If authentication has succeeded, displays the VLAN id assigned for egress.

vlan id If authentication has succeeded, displays the assigned VLAN id for ingress.

Table 18-5 show vlanauthorization Output Details (Continued)

Output What It Displays...

For information about... Refer to page...

show maclock 18-47

show maclock stations 18-48

set maclock enable 18-49

set maclock disable 18-50

set maclock 18-50

Table of Contents

Related product manuals

Preview: SecureStack C2 C2G124-24

SecureStack C2 C2G124-24

Preview: SecureStack A2 A2H124-24

SecureStack A2 A2H124-24

Preview: SecureStack B3 B3G124-48

SecureStack B3 B3G124-48

SecureStack A2 A2H254-16

Preview: SecureStack B3 B3G124-24P

SecureStack B3 B3G124-24P

Preview: SecureStack B2 B2G124-48P

SecureStack B2 B2G124-48P

Enterasys SSA-G1018-0652

Preview: Enterasys D-Series

Enterasys D-Series

Preview: Enterasys C3G124-24

Enterasys C3G124-24

Preview: Enterasys 08H20G4-24

Enterasys 08H20G4-24

Preview: Enterasys Matrix-V V2H124-24

Enterasys Matrix-V V2H124-24

Enterasys Matrix E1 1G694-13