MAC Lockdown

Syntax:

static-mac {< mac-addr > vlan < vid > interface < port-number >}
no static-mac {< mac-addr > vlan < vid > interface < port-number >}
Locks down a given MAC address and VLAN to a specific port.

A separate command is necessary for each MAC/VLAN pair you wish to lock down. If not specifying a VID, the switch inserts "1".

MAC Lockdown, also known as "static addressing," is the permanent assignment of a given MAC address and VLAN to a specific port on the switch. MAC Lockdown is used to prevent station movement and MAC address hijacking. It also controls address learning on the switch.

Locking down a MAC address on a port and a specific VLAN only restricts the MAC address on that VLAN. The client device with that MAC address is allowed to access other VLANs on the same port or through other ports.

NOTE:

Port security and MAC Lockdown are mutually exclusive on a given port.