Configuring and Monitoring Port Security
MAC Lockdown
Other Useful Information.
Once you lock down a MAC address/VLAN pair
on one port that pair cannot be locked down on a different port.
You cannot perform MAC Lockdown and 802.1X authentication on the same
port or on the same MAC address. MAC Lockdown and 802.1X authentication
are mutually exclusive.
Lockdown is permitted on static trunks (manually configured link aggrega
tions).
Differences Between MAC Lockdown and Port Security
Because port-security relies upon MAC addresses, it is often confused with
the MAC Lockdown feature. However, MAC Lockdown is a completely differ
ent feature and is implemented on a different architecture level.
Port security maintains a list of allowed MAC addresses on a per-port basis.
An address can exist on multiple ports of a switch. Port security deals with
MAC addresses only while MAC Lockdown specifies both a MAC address and
a VLAN for lockdown.
MAC Lockdown, on the other hand, is not a “list.” It is a global parameter on
the switch that takes precedence over any other security mechanism. The
MAC Address will only be allowed to communicate using one specific port on
the switch.
MAC Lockdown is a good replacement for port security to create tighter
control over MAC addresses and which ports they are allowed to use (only
one port per MAC Address on the same switch in the case of MAC Lockdown).
(You can still use the port for other MAC addresses, but you cannot use the
locked down MAC address on other ports.)
Using only port security the MAC Address could still be used on another port
on the same switch. MAC Lockdown, on the other hand, is a clear one-to-one
relationship between the MAC Address and the port. Once a MAC address has
been locked down to a port it cannot be used on another port on the same
switch.
The switch does not allow MAC Lockdown and port security on the same port.
11-25
Summary of Contents for J8697A
Page 1: ...6200yl Access Security Guide 5400zl 3500yl ProCurve Switches K 11 XX www procurve com ...
Page 2: ......
Page 22: ...Product Documentation Feature Index xx ...
Page 55: ...Configuring Username and Password Security Front Panel Security 2 21 ...
Page 56: ...Configuring Username and Password Security Front Panel Security 2 22 ...
Page 58: ...Virus Throttling Contents Operating Notes 3 30 Connection Rate Log and Trap Messages 3 31 3 2 ...
Page 88: ...Virus Throttling Connection Rate Log and Trap Messages This page is intentionally unused 3 32 ...
Page 118: ...Web and MAC Authentication Client Status This page intentionally unused 4 30 ...
Page 356: ...Configuring and Monitoring Port Security Operating Notes for Port Security 11 44 ...
Page 370: ...Using Authorized IP Managers Operating Notes This page is intentionally unused 12 14 ...
Page 388: ...10 Index ...
Page 389: ......