Owner's Manual

Chapter 17. Security | 441
NETGEAR 8800 User Manual
new device cannot replace it until the lockdown timer for the first device has expired. This
condition is true if the limit on the port is set to 1 or if the limit (greater than 1) on the port
has been reached.
If a learning limit is already configured on a port when you enable the lockdown timeout
feature, the configured limit will continue to apply. Existing blackholed entries are
therefore not affected. If you enable this feature on a port with no configured learning
limit, the default maximum learning limit (unlimited learning) is used.
This section describes the following topics:
• Understanding the Lockdown Timer on page 441
• Examples of Active and Inactive Devices on page 441
• Examples of Disconnecting and Reconnecting Devices on page 442
• Example of Port Movement on page 444
• Configuring MAC Address Lockdown with Timeout on page 444
• Enabling and Disabling MAC Address Lockdown with Timeout on page 444
• Displaying MAC Address Lockdown Information on page 444

Understanding the Lockdown Timer

The lockdown timer works in the following ways:
• When you enable this feature on a port, existing MAC entries for the port begin aging out
  based on the configured MAC lockdown timer value.
• If you move a device from one port to another, its MAC address entry is updated with the
  new port information, including the lockdown timer value configured for that port.
• If this feature is enabled on a port and you decrease the lockdown timer value for that
  port, all of the MAC FDB entries for that port will time out and be removed at the next
  polling interval.
• When you disable the lockdown timer on a port, existing MAC address entries for the port
  will time out based on the FDB aging period.
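
The learning-limit, port-movement, and timer-decrease rules above, as a small Python model. This is an added example, not NETGEAR code or CLI. It assumes traffic from a device restarts that entry's timer; the class names, the 300-second FDB aging value, and the port and MAC labels are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
FDB_AGING = 300  # assumed FDB aging period in seconds; not a value from the manual

@dataclass
class Port:
    timer: Optional[int] = None  # lockdown timer in seconds; None = feature off
    limit: Optional[int] = None  # learning limit; None = unlimited learning
    flush: bool = False          # timer was decreased; flush at next poll

@dataclass
class Switch:
    ports: dict = field(default_factory=dict)  # port name -> Port
    fdb: dict = field(default_factory=dict)    # MAC -> (port name, expiry time)

    def set_timer(self, port, seconds):
        p = self.ports[port]
        # Decreasing an enabled timer schedules removal of the port's entries.
        p.flush = p.timer is not None and seconds is not None and seconds < p.timer
        p.timer = seconds

    def poll(self, now):
        """One polling interval: pending flushes first, then expired entries."""
        for mac, (port, expiry) in list(self.fdb.items()):
            if self.ports[port].flush or expiry <= now:
                del self.fdb[mac]
        for p in self.ports.values():
            p.flush = False

    def frame(self, mac, port, now):
        """Handle one frame's source MAC; return 'forwarded' or 'blocked'."""
        p = self.ports[port]
        live = {m for m, (pt, exp) in self.fdb.items() if pt == port and exp > now}
        if mac not in live and p.limit is not None and len(live) >= p.limit:
            return "blocked"  # limit reached, no lockdown timer expired yet
        ttl = p.timer if p.timer is not None else FDB_AGING
        self.fdb[mac] = (port, now + ttl)  # learn, refresh, or move to this port
        return "forwarded"

def demo():
    sw = Switch(ports={"1": Port(timer=100, limit=1), "2": Port(timer=30)})
    out = [sw.frame("A", "1", 0),    # A learned on port 1
           sw.frame("B", "1", 50),   # limit of 1 reached, A's timer running
           sw.frame("B", "1", 101)]  # A idle past 100 s, so B replaces it
    sw.frame("B", "2", 110)          # B moves; entry takes port 2's timer
    moved = sw.fdb["B"]
    sw.set_timer("2", 10)            # decrease: flushed at the next poll
    sw.poll(111)
    return out, moved, dict(sw.fdb)
```

With a learning limit of 1, the second device is refused at 50 seconds and accepted only after the first device's 100-second timer has run out, which is the behaviour to expect when swapping hardware on a locked-down port.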

Examples of Active and Inactive Devices

Figure 28 shows three devices (A, B, and C) connected through a hub to a NETGEAR
device with MAC lockdown timeout configured on the ports. When each device starts sending
traffic, the source MAC address of the device is learned and FDB entries are created. The
MAC lockdown timer is set at 100 seconds.