MAC address lockdown
02-24-2006 01:46 AM
02-24-2006 05:10 PM
Solution
See section 9-25 for the 2600 and 2800 switches:
ftp://ftp.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap09-Port_Security.pdf
See section 11-21 for the 5300:
ftp://ftp.hp.com/pub/networking/software/6400-5300-3400-Security-Oct2005-59906052.pdf
Good luck
02-24-2006 09:57 PM
Re: MAC address lockdown
All MAC addresses are learned dynamically and stored in the config. If a user plugs another device into the switch, you will receive an alarm and the port will stay blocked. The user will need to contact the sysadmin to unblock the port.
You can also look at 802.1X. This is a 95% more centralized solution.
Neither 802.1X nor MAC lockdown protects against recent attacks (ARP poisoning).
02-26-2006 10:24 PM
Re: MAC address lockdown
It works fairly well; the only downside is that it can be hard to manage if you have a lot of devices.
We use it because students like to plug their own laptops in and try to gain access to the network. If they try this now, the port is disabled until IT re-enables it.
We use:
Switch(Config)#port-security xx-xx learn-mode static action send-disable address-limit 1
xx-xx is the port range that you want to enable it on. Learn-mode static means it does not continuously learn MAC addresses and we have set the address-limit to 1 so it only learns 1 address per port.
The action command sends an alert to our PCM+ software and disables the port if an alien MAC address is detected.
I would recommend using this if you don't want to go the 802.1x route and if your environment remains fairly static. If you change PCs or move PCs a lot, then it can be a real nightmare staying on top of it!
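An added example, not part of the original posts: a short Python audit that reads port-security lines in the form quoted above and reports access ports that are not set to static learning, an address limit of 1 and send-disable. The sample config lines and the port range 1-10 are constructed for illustration, and only numeric port lists and keyword/value options are handled (assumptions).

```python
import re

# Command form as quoted in the thread; numeric port lists only (assumption).
CMD = re.compile(r"^\s*port-security\s+(?P<ports>[\d,\-]+)\s+(?P<opts>.+)$")

# Constructed sample config lines, not taken from a real switch.
SAMPLE = """\
port-security 1-4 learn-mode static action send-disable address-limit 1
port-security 5-6 learn-mode continuous
port-security 7 learn-mode static action send-alarm address-limit 1
port-security 8 learn-mode static action send-disable address-limit 4
"""

def expand_ports(spec):
    """Expand a port list such as '1-4,7' into {1, 2, 3, 4, 7}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config_text, access_ports):
    """Return {port: reason} for each access port that lacks the lockdown
    described in the post: static learning, one address, send-disable."""
    settings = {}
    for line in config_text.splitlines():
        m = CMD.match(line)
        if not m:
            continue
        tokens = m.group("opts").split()
        opts = dict(zip(tokens[0::2], tokens[1::2]))  # keyword/value pairs
        for port in expand_ports(m.group("ports")):
            settings[port] = opts  # a later line replaces an earlier one
    findings = {}
    for port in sorted(access_ports):
        opts = settings.get(port)
        if opts is None:
            findings[port] = "no port-security line"
        elif opts.get("learn-mode") != "static":
            findings[port] = "learn-mode is not static"
        elif opts.get("address-limit") != "1":
            findings[port] = "address-limit is not set to 1"
        elif opts.get("action") != "send-disable":
            findings[port] = "action is not send-disable"
    return findings

if __name__ == "__main__":
    for port, reason in audit(SAMPLE, range(1, 11)).items():
        print(f"port {port}: {reason}")
```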
07-03-2006 09:18 PM
Re: MAC address lockdown
07-05-2006 07:45 PM
Re: MAC address lockdown
Delete the address by using 'no port-security
(From Matt's post previously....)
You should then be able to enable the port and it will pick up the new MAC address.