Specifications

Configuring MAC Locking

21-46 Security Configuration

Configuring MAC Locking

Purpose

Toreview,disable,enable,andconfigureMAClocking.ThisfeaturelocksaMACaddresstoone

ormoreports,preventingconnectionofunauthorizeddevicesthroughtheport(s).Whensource

MACaddressesarereceivedonspecifiedports,theswitchdiscardsallsubseq uent framesnot

containingtheconfiguredsourceaddresses.Theonlyframes

forwardedona“locked”portare

thosewiththe“locked”MACaddress(es)forthatport.

Whenproperlyconfigured,MAClockingisanexcellentsecuritytoolasitpreventsMACspoofing

onconfiguredports.AlsoifaMACweretobesecuredbysomethinglikeDragonDynamic

IntrusionDetection,MAClockingwould

makeitmoredifficultforahackertosendpacketsinto

thenetworkbecausethehackerwouldhavetochangetheirMACaddressandmovetoanother

port.Inthemeantimethesystemadministratorwouldbe receivingamaclocktrapnotification.

Commands

ThecommandsneededtoconfigureMAClockingarelistedbelow:

For information about... Refer to page...

show maclock 21-47

show maclock stations 21-48

set maclock enable 21-49

set maclock disable 21-50

set maclock 21-50

clear maclock 21-51

set maclock static 21-52

clear maclock static 21-52

set maclock firstarrival 21-53

clear maclock firstarrival 21-54

set maclock move 21-54

set maclock trap 21-55