Configuring MAC Lockdown

Syntax


static-mac {<mac-addr> | [vlan] | <vid> | [interface] | <port-number>}
no static-mac {<mac-addr> | [vlan] | <vid> | [interface] | <port-number>}

Locks down a given MAC address and VLAN to a specific port.

A separate command is necessary for each MAC/VLAN pair you wish to lock down. If not specifying a VID, the switch inserts "1".

NOTE:

A port configured with MAC Lockdown does not accept Multicast MAC addresses; such a port does accept unicast MAC addresses.

MAC Lockdown, also known as "static addressing," is permanently assigned a given MAC address and VLAN to a specific port on the switch. Use MAC Lockdown to prevent station movement and MAC address hijacking and control address learning on the switch.

Locking down a MAC address on a port and a specific VLAN only restricts the MAC address on that VLAN. The client device with that MAC address can to access other VLANs on the same port or through other ports.

NOTE:

Port security and MAC Lockdown are mutually exclusive on a given port.