Configuring and Monitoring Port Security
MAC Lockout
MAC Lockout overrides MAC Lockdown, port security, and 802.1x authentication.
You cannot use MAC Lockout to lock:
• Broadcast or Multicast Addresses (Switches do not learn these)
• Switch Agents (The switch’s own MAC Address)
If someone using a locked-out MAC address tries to send data through the
switch, a message is generated in the log file:
Lockout logging format:
W 10/30/03 21:35:15 maclock: module A: 0001e6-1f96c0 detected on port A15
W 10/30/03 21:35:18 maclock: module A: 0001e6-1f96c0 detected on port A15
W 10/30/03 21:35:18 maclock: module A: Ceasing lock-out logs for 5m
As with MAC Lockdown, a rate-limiting algorithm is used on the log file so that
it does not become overclogged with error messages. (Refer to “Limiting the
Frequency of Log Messages” on page 11-24.)
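
The following is an added example, not part of the manual or the switch software: a parser for the lockout log format shown above that counts detections per MAC address and port and records each "Ceasing lock-out logs" window, during which logged counts are only a lower bound. It assumes each entry sits on one line, that dates are MM/DD/YY, and that "5m" means five minutes; the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample in the format shown above; the final line is constructed for illustration.
SAMPLE_LOG = """\
W 10/30/03 21:35:15 maclock: module A: 0001e6-1f96c0 detected on port A15
W 10/30/03 21:35:18 maclock: module A: 0001e6-1f96c0 detected on port A15
W 10/30/03 21:35:18 maclock: module A: Ceasing lock-out logs for 5m
W 10/30/03 21:41:02 maclock: module A: 0001e6-1f96c0 detected on port A15
"""

PREFIX = re.compile(r"^W (\d\d/\d\d/\d\d \d\d:\d\d:\d\d) maclock: module (\w+): (.*)$")
DETECT = re.compile(r"^([0-9a-f]{6}-[0-9a-f]{6}) detected on port (\w+)$", re.I)
CEASE = re.compile(r"^Ceasing lock-out logs for (\d+)m$")  # assumption: "m" = minutes

def summarize(log_text):
    """Return (hits, gaps): detection times per (mac, port), and suppression windows."""
    hits = defaultdict(list)
    gaps = []
    for line in log_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not a maclock warning entry
        when = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")  # assumed MM/DD/YY
        module, body = m.group(2), m.group(3)
        d = DETECT.match(body)
        if d:
            hits[(d.group(1).lower(), d.group(2))].append(when)
            continue
        c = CEASE.match(body)
        if c:
            # Rate limiting: no lockout entries are expected until this window ends.
            gaps.append((module, when, when + timedelta(minutes=int(c.group(1)))))
    return dict(hits), gaps

if __name__ == "__main__":
    hits, gaps = summarize(SAMPLE_LOG)
    for (mac, port), times in hits.items():
        print(f"{mac} on port {port}: {len(times)} logged, first {times[0]}, last {times[-1]}")
    for module, start, end in gaps:
        print(f"module {module}: lockout logging suppressed {start} to {end}")
```

When reviewing the output, treat silence inside a suppression window as unknown rather than as evidence that the locked-out device stopped transmitting.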