Owner's Manual
444 | Chapter 17. Security
NETGEAR 8800 User Manual
Example of Port Movement
Figure 30 shows Device A connected to port X. Port X has a MAC lockdown timer setting of
100 seconds, and port Y has a MAC lockdown timer setting of 200 seconds.
Figure 30. Port Movement with MAC Lockdown Timeout
Device A starts sending traffic on port X. The MAC address for Device A is learned and
added to the FDB, and the MAC lockdown timer (100 seconds) is started for this entry.
After 50 seconds, Device A is disconnected from port X and connected to port Y where it
begins sending traffic. When Device A starts sending traffic on port Y, the existing MAC entry
for Device A is refreshed, and port X in the entry is replaced with port Y. At the same time, the
MAC lockdown timer for the entry is restarted for a duration of 200 seconds (the configured
MAC lockdown timer setting for port Y).
Configuring MAC Address Lockdown with Timeout
To configure the MAC lockdown timeout value on one or more specified ports, or on all ports,
use the following command:
configure mac-lockdown-timeout ports [all | <port_list>] aging-time <seconds>
Enabling and Disabling MAC Address Lockdown with Timeout
To enable the MAC lockdown timeout feature on one or more specified ports, or on all ports,
use the following command:
enable mac-lockdown-timeout ports [all | <port_list>]
To disable the MAC lockdown timeout feature on one or more specified ports, or on all ports,
use the following command:
disable mac-lockdown-timeout ports [all | <port_list>]
Displaying MAC Address Lockdown Information
To display configuration information about the MAC lockdown timeout feature, use the
following command:
show mac-lockdown-timeout ports [all | <port_list>]
Output from this command includes the configured timeout value and whether the feature is
enabled or disabled.
To display the MAC entries learned on one or more ports, or on all ports, use the following
command:
show mac-lockdown-timeout fdb ports [all | <port_list>]
EX_177
Device A
Device X Device Y