Mac Lockdown - HP ProCurve Switch 2900yl-24G Access Security Manual

Configuring and Monitoring Port Security

MAC Lockdown

N o t e
10-22
The following command serves this purpose by removing 0c0090-123456 and
reducing the Address Limit to 1:
ProCurve(config)# port-security a1 address-limit 1
ProCurve(config)# no port-security a1 mac-address 0c0090-
123456
The above command sequence results in the following configuration for port
A1:
Figure 10-9. Example of Port A1 After Removing One MAC Address

MAC Lockdown

MAC Lockdown, also known as "static addressing," is the permanent assign-
ment of a given MAC address (and VLAN, or Virtual Local Area Network) to
a specific port on the switch. MAC Lockdown is used to prevent station
movement and MAC address hijacking. It also controls address learning on
the switch. When configured, the MAC Address can only be used on the
assigned port and the client device will only be allowed on the assigned VLAN.
Port security and MAC Lockdown are mutually exclusive on a given port. You
can either use port security or MAC Lockdown, but never both at the same
time on the same port.
Syntax: [no] static-mac < mac-addr > vlan < vid > interface < port-number >