HPE Community
Switches, Hubs, and Modems
1751790 Members
4668 Online
108781 Solutions
New Discussion юеВ

mac lock down command hp procurve 2610

 
tasmanian_guy
Occasional Contributor

тАО06-30-2009 02:43 PM

тАО06-30-2009 02:43 PM

mac lock down command hp procurve 2610

Wants to setup mac lockdown on a procurve.

I have tried

config t
static-mac 123456123456 vlan 1 interface 5
write mem
reload

But I can still plug any device into interface 5 and it wont shut down.

The switch has the latest os and can't figure out what I am doing wrong.
1 person had this problem.
0 Kudos
5 REPLIES 5
Bruce Campbell_3
Valued Contributor

тАО06-30-2009 02:49 PM

тАО06-30-2009 02:49 PM

Re: mac lock down command hp procurve 2610


This is what we use, successfully:

port-security 5 learn-mode static action send-alarm mac-address 123456123456

I think your command is just adding a
static mac entry, but not limiting
learning on the port.
Bruce Campbell
Director, Network Services
Information Systems and Technology
MC 1018
(519)888-4567 x38323
University of Waterloo, Waterloo, ON
0 Kudos
cenk sasmaztin
Honored Contributor

тАО07-01-2009 12:22 AM

тАО07-01-2009 12:22 AM

Re: mac lock down command hp procurve 2610

mac lock down term is prevent some mac address connection on switch
if you want prevent some mac address(pc) connect on switch
you must write this command

(config)# lockout-mac [mac address]
cenk

0 Kudos
tasmanian_guy
Occasional Contributor

тАО07-01-2009 02:43 PM

тАО07-01-2009 02:43 PM

Re: mac lock down command hp procurve 2610

You are talking of mac lockout, not mac lock down.

If you read the HP paper configuring and monitoring port security on page 14-22

It states the command is

[no] static-mac vlan interface

Mac lock down is that a device that has its mac address tied down to set port, and if that device is moved an alert is sent.
0 Kudos
Pieter 't Hart
Honored Contributor

тАО07-02-2009 12:45 AM

тАО07-02-2009 12:45 AM

Re: mac lock down command hp procurve 2610

>>>
But I can still plug any device into interface 5 and it wont shut down.
<<<

from the "2610 access securty guide" page 12-17
MAC Lockdown
When configured, the MAC Address can only be used on the assigned port and the client device will only be allowed on the assigned VLAN
Syntax: [no] static-mac < mac-addr > vlan < vid > interface < port-number >

hence it WILL allow other devices on this port!
only the configured mac can NOT be used on another port
0 Kudos
tasmanian_guy
Occasional Contributor

тАО07-05-2009 07:32 PM

тАО07-05-2009 07:32 PM

Re: mac lock down command hp procurve 2610

"hence it WILL allow other devices on this port!
only the configured mac can NOT be used on another port"

Thanks Pete,

To clarify (as I may have not worded it well)but if I plug the authorised device from port 5 to port 6, doesn't that mean port 6 should shut down?

And if I plug a device that is not authorised on port 5, will that port shutdown.

Or will information just be recorded in the log about the movement?

Thanks to everyone so far, greatly appreciated.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.