9-25
Configuring and Monitoring Port Security
MAC Lockout
Displaying status.
Locked down ports are listed in the output of the
show
running-config
command in the CLI. The
show static-mac
command also lists
the locked down MAC addresses, as shown below.
Figure 9-11. Listing Locked Down Ports
MAC Lockout
MAC Lockout involves configuring a MAC address on all ports and VLANs for
a switch so that any traffic to or from the “locked-out” MAC address will be
dropped. This means that all data packets addressed to or from the given
address are stopped by the switch. MAC Lockout is implemented on a per
switch assignment.
You can think of MAC Lockout as a simple blacklist. The MAC address is
locked out on the switch and on all VLANs. No data goes out or in from the
blacklisted MAC address to a switch using MAC Lockout.
The number of MAC lockouts allowed per VLAN depends on the number of
VLANs you have configured, as shown below.
Table 9-1.
Number of MAC Lockouts with VLANS
To fully lock out a MAC address from the network it would be necessary to
use the MAC Lockout command on all switches.
To use MAC Lockout you must first know the MAC Address you wish to block.
ProCurve(config)# show static-mac
VLAN MAC Address Port
1 001083-34f8fa 9
Number of locked down MAC addresses = 1
ProCurve(config)#
Max-VLANs
Lockouts
8
50
16
25
>16
2
Syntax:
[no] lockout-mac <
mac-address
>
Summary of Contents for ProCurve 2510-24
Page 1: ...Access Security Guide 2510 www procurve com ProCurve Switches Q 11 XX 2510 24 U 11 XX 2510 48 ...
Page 2: ......
Page 3: ...ProCurve Series 2510 Switches Access Security Guide July 2008 ...
Page 26: ...1 10 Getting Started Need Only a Quick Start ...
Page 104: ...4 30 TACACS Authentication Configuring TACACS on the Switch ...
Page 144: ...5 40 RADIUS Authentication Authorization and Accounting Messages Related to RADIUS Operation ...
Page 174: ...6 30 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 196: ...7 22 Configuring Secure Socket Layer SSL Common Errors in SSL Setup ...
Page 294: ...9 40 Configuring and Monitoring Port Security Configuring Protected Ports ...
Page 308: ...10 14 Using Authorized IP Managers Operating Notes ...
Page 316: ...8 Index ...
Page 317: ......