To Next Page

To Previous Page

Configuring MAC Locking

18-46 Security Configuration

Configuring MAC Locking

ThisfeaturelocksaMACaddresstooneormoreports,preventingconnectionofunauthorized

devicesthroughtheport(s).WhensourceMACaddressesarereceivedonspecifiedports,the

switchdiscardsallsubsequentframes notcontainingtheconfiguredsourceaddresses.Theonly

framesforwardedona“locked”portarethosewith

the“locked”MACaddress(es)forthatport.

TherearetwomethodsoflockingaMACtoaport:firstarrivalandstatic.Thefirstarrivalmethod

isdefinedtobelockingthefirstnnumberofMACswhicharriveonaportconfiguredwithMAC

lockingenabled.Thevaluenis

configuredwiththesetmaclockfirstarrivalcommand.

ThestaticmethodisdefinedtobestaticallyprovisioningaMAC‐portlockusingthesetmaclock

command.ThemaximumnumberofstaticMACaddressesallowedforMAClockingonaport

canbeconfiguredwiththesetmaclockstaticcommand.

Youcanconfigure

theswitchtoissueaviolationtrapifapacketarriveswithasourceMAC

addressdifferentfromanyofthecurrentlylockedMACaddressesforthatport.

MACsareunlockedasaresultof:

•Alinkdownevent

•WhenMAClock ingisdisabledonaport

•WhenaMACisaged

outoftheforwardingdatabasewhenFirstArrivalagingisenabled

Whenproperlyconfigured,MAClockingisanexcellentsecuritytoolasitpreventsMACspoofing

onconfiguredports.AlsoifaMACweretobesecuredbysomethinglikeDragonDynamic

IntrusionDetection,MAClockingwouldmakeitmoredifficultfor

ahackertosendpacketsinto

thenetworkbecausethehackerwouldhavetochangetheirMACaddressandmovetoanother

port.Inthemeantimethesystemadministratorwouldbereceivingamaclocktrapnotification.

Purpose

Toreview,disable,enable,andconfigureMAClocking.

Commands

administrative

egress

Port status as assigned by the set vlanauthorization egress command

operational egress If authentication has succeeded, displays the VLAN id assigned for egress.

vlan id If authentication has succeeded, displays the assigned VLAN id for ingress.

Table 18-5 show vlanauthorization Output Details (Continued)

Output What It Displays...

For information about... Refer to page...

show maclock 18-47

show maclock stations 18-48

set maclock enable 18-49

set maclock disable 18-50

set maclock 18-50

Brand	Enterasys
Model	SecureStack C2
Category	Switch
Language	English

Enterasys SecureStack C2 User Manual

Table of Contents

Questions and Answers:

Enterasys SecureStack C2 Specifications

Related product manuals