Mac Lockdown - HP procurve 5300xl Series Access Security Manual

Configuring and Monitoring Port Security

MAC Lockdown

N o t e
9-18
The following command serves this purpose by removing 0c0090-123456 and
reducing the Address Limit to 1:
HPswitch(config)# port-security a1 address-limit 1
HPswitch(config)# no port-security a1 mac-address 0c0090-
123456
The above command sequence results in the following configuration for port
A1:
Figure 9-8. Example of Port A1 After Removing One MAC Address

MAC Lockdown

MAC Lockdown, also known as "static addressing," is the permanent assign­
ment of a given MAC address (and VLAN, or Virtual Local Area Network) to
a specific port on the switch. MAC Lockdown is used to prevent station
movement and MAC address hijacking. It also controls address learning on
the switch. When configured, the MAC Address can only be used on the
assigned port and the client device will only be allowed on the assigned VLAN.
Port security and MAC Lockdown are mutually exclusive. You can either use
port security or MAC Lockdown, but never both at the same time on the same
port.
Syntax: [no] static-mac < mac-addr > vlan < vid > interface < port-number >