Configuring and Monitoring Port Security MAC Lockdown

N o t e

The following command serves this purpose by removing 0c0090-123456 and reducing the Address Limit to 1:

ProCurve(config)# port-security a1 address-limit 1 ProCurve(config)# no port-security a1 mac-address 0c0090- 123456

The above command sequence results in the following configuration for port A1:

Figure 11-9. Example of Port A1 After Removing One MAC AddressMAC Lockdown

MAC Lockdown, also known as “static addressing,” is the permanent assignment of a given MAC address (and VLAN, or Virtual Local Area Network) to a specific port on the switch. MAC Lockdown is used to prevent station movement and MAC address hijacking. It also controls address learning on the switch. When configured, the MAC Address can only be used on the assigned port and the client device will only be allowed on the assigned VLAN.

Port security and MAC Lockdown are mutually exclusive on a given port. You can either use port security or MAC Lockdown, but never both at the same time on the same port.

Syntax: [no] static-mac < mac-addr> vlan < vid > interface < port-number>

11-22