Security Configuration Command Set
SecureStack A2 Configuration Guide 10-65
10.3.6 Configuring MAC Locking
Purpose
To review, disable, enable and configure MAC locking. This feature locks a MAC address to one or more ports, preventing connection of unauthorized devices through the port(s). When source MAC addresses are received on specified ports, the switch discards all subsequent frames not containing the configured source addresses. The only frames forwarded on a “locked” port are those with the “locked” MAC address(es) for that port.
When properly configured, MAC locking is an excellent security tool, as it prevents MAC spoofing on configured ports. Also, if a MAC were to be secured by something like Dragon Dynamic Intrusion Detection, MAC locking would make it more difficult for a hacker to send packets into the network, because the hacker would have to change their MAC address and move to another port. In the meantime, the system administrator would be receiving a maclock trap notification.
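The forwarding rule described above, modelled in Python as an added example (not code from the guide or the switch firmware). The port label, the first-arrival limit semantics and the trap text are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

_MAC = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")

def normalize(mac):
    """Canonicalise a MAC to lower-case, colon-separated form."""
    m = mac.strip().lower()
    if not _MAC.match(m):
        raise ValueError(f"not a MAC address: {mac!r}")
    return m.replace("-", ":")

@dataclass
class LockedPort:
    name: str                                  # hypothetical port label
    static: set = field(default_factory=set)   # administratively locked MACs
    first_arrival_limit: int = 0   # assumed: max MACs locked by order of arrival
    learned: set = field(default_factory=set)
    traps: list = field(default_factory=list)  # constructed notification text

    def __post_init__(self):
        self.static = {normalize(m) for m in self.static}

    def receive(self, src_mac):
        """Return True if the frame is forwarded, False if discarded."""
        mac = normalize(src_mac)
        if mac in self.static or mac in self.learned:
            return True
        if len(self.learned) < self.first_arrival_limit:
            self.learned.add(mac)  # lock this source address to the port
            return True
        self.traps.append(f"maclock violation port={self.name} mac={mac}")
        return False

def replay(port, frames):
    """Feed source MACs through a port; return (mac, forwarded) pairs."""
    return [(normalize(m), port.receive(m)) for m in frames]

def demo():
    # Constructed sample traffic: one static station, one first-arrival slot.
    port = LockedPort("port-1", static={"00-11-22-33-44-55"}, first_arrival_limit=1)
    frames = ["00:11:22:33:44:55", "00:AA:BB:CC:DD:01",
              "00:AA:BB:CC:DD:02", "00:aa:bb:cc:dd:01"]
    return replay(port, frames), port.traps

if __name__ == "__main__":
    results, traps = demo()
    for mac, ok in results:
        print(mac, "forwarded" if ok else "discarded")
    print(traps)
```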
Commands
The commands needed to configure MAC locking are listed below and described in the associated
section as shown:
show maclock (Section 10.3.6.1)
show maclock stations (Section 10.3.6.2)
set maclock enable (Section 10.3.6.3)
set maclock disable (Section 10.3.6.4)
set maclock (Section 10.3.6.5)
clear maclock (Section 10.3.6.6)
set maclock static (Section 10.3.6.7)
clear maclock static (Section 10.3.6.8)
set maclock firstarrival (Section 10.3.6.9)
clear maclock firstarrival (Section 10.3.6.10)
set maclock move (Section 10.3.6.11)
set maclock trap (Section 10.3.6.12)