Configuring and Monitoring Port Security
MAC Lockout
MAC Lockout overrides MAC Lockdown, port security, and 802.1x authenti-
cation.
You cannot use MAC Lockout to lock:
• Broadcast or Multicast Addresses (Switches do not learn these)
• Switch Agents (The switch’s own MAC Address)
If someone using a locked out MAC address tries to send data through the
switch a message is generated in the log file:
Lockout logging format:
W 10/30/03 21:35:15 maclock: module A: 0001e6-1f96c0
detected on port A15
W 10/30/03 21:35:18 maclock: module A: 0001e6-1f96c0
detected on port A15
W 10/30/03 21:35:18 maclock: module A: Ceasing lock-out
logs for 5m
As with MAC Lockdown a rate limiting algorithm is used on the log file so that
it does not become overclogged with error messages. (Refer to “Limiting the
Frequency of Log Messages” on page 12-20.)
Displaying status. Locked out ports are listed in the output of the show
running-config command in the CLI. The show lockout-mac command also lists
the locked out MAC addresses, as shown below.
ProCurve# show lockout-mac
Locked Out Addresses
007347-a8fd30
Number of locked out MAC addresses = 1
Figure 12-12.Listing Locked Out Ports
12-26
To Next Page
