Differences Between Mac Lockdown And Port Security - HP Q.11.XX Manual

Procurve 2510 series switches
Table of Contents

Advertisement

Configuring and Monitoring Port Security
MAC Lockdown
If the device (computer, PDA, wireless device) is moved to a different port on
the switch (by reconnecting the Ethernet cable or by moving the device to an
area using a wireless access point connected to a different port on that same
switch), the port will detect that the MAC Address is not on the appropriate
port and will continue to send traffic out the port to which the address was
locked.
Once a MAC address is configured for one port, you cannot perform port
security using the same MAC address on any other port on that same switch.
You cannot lock down a single MAC Address/VLAN pair to more than one port;
however you can lock down multiple different MAC Addresses to a single port
on the same switch.
Stations can move from the port to which their MAC address is locked to other
parts of the network. They can send, but will not receive data if that data must
go through the locked down switch. Please note that if the device moves to a
distant part of the network where data sent to its MAC address never goes
through the locked down switch, it may be possible for the device to have full
two-way communication. For full and complete lockdown network-wide all
switches must be configured appropriately.
Other Useful Information. Once you lock down a MAC address/VLAN pair
on one port that pair cannot be locked down on a different port.
You cannot perform MAC Lockdown and 802.1X authentication on the same
port or on the same MAC address. MAC Lockdown and 802.1X authentication
are mutually exclusive.
Lockdown is permitted on static trunks (manually configured link aggrega-
tions).

Differences Between MAC Lockdown and Port Security

Because port-security relies upon MAC addresses, it is often confused with
the MAC Lockdown feature. However, MAC Lockdown is a completely differ-
ent feature and is implemented on a different architecture level.
Port security maintains a list of allowed MAC addresses on a per-port basis.
An address can exist on multiple ports of a switch. Port security deals with
MAC addresses only while MAC Lockdown specifies both a MAC address and
a VLAN for lockdown.
9-19

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

U.11.xxProcurve 2510-24Procurve 2510-48

Table of Contents