14.3.4 Configuring MAC Locking
Purpose
To review, disable, enable and configure MAC locking. This locks a port to one or more MAC
addresses, preventing connection of unauthorized devices via the port(s). When source MAC
addresses are received on specified ports, the switch discards all subsequent frames not containing
the configured source addresses. The only frames forwarded on a "locked" port are those with the
"locked" MAC address(es) for that port.
NOTE: The Matrix E1 MAC locking commands have no direct interdependencies with
the MAC authentication commands described in
at a port, the Matrix E1 device runs the MAC locking algorithm first. If the frame passes
the MAC lock (i.e., it is not in violation), then the frame is eligible for authentication.
Commands
The commands needed to configure MAC locking are listed below and described in the associated
section as shown:
•
show maclock
(Section
•
show maclock stations
•
set maclock enable
•
set maclock disable
•
set maclock
(Section
•
set maclock firstarrival
•
set maclock static
•
set maclock move
•
clear maclock static
•
show maclock autostatic
•
set maclock autostatic
•
set maclock autostatic isl
•
set maclock autostatic publicvlan
•
set maclock autostatic publicmac
•
set maclock autostatic passthroughmac
14.3.4.1)
(Section
14.3.4.2)
(Section
14.3.4.3)
(Section
14.3.4.4)
14.3.4.5)
(Section
14.3.4.6)
(Section
14.3.4.7)
(Section
14.3.4.8)
(Section
14.3.4.9)
(Section
14.3.4.10)
(Section
14.3.4.11)
(Section
14.3.4.12)
(Section
(Section
Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide
Section
14.3.4.13)
14.3.4.14)
(Section
14.3.4.15)
Security Configuration Command Set
Configuring MAC Locking
14.3.3. When a frame arrives
14-43