mac-lockout

Syntax

mac-lockout <MAC-ADDR>

no mac-lockout <MAC-ADDR>

Description

Locks a MAC address globally on the switch and all VLANS. The switch drops all data packets addressed to or from the given address.

The no form of this command unlocks the MAC address globally on the switch and all VLANs.

Command context

config

Parameters

<MAC-ADDR>

Specifies the MAC address.

Authority

Administrators or local user group members with execution rights for this command.

Usage

MAC lockout is implemented on each switch individually. MAC lockout overrides MAC lockdown, port security (secure MAC), and 802.1X authentication. The MAC lockout feature is not intended to lock broadcast/multicast MAC addresses and switch agent MACs.

A maximum of 200128 MAC lockouts can be configured on a switch.

Example

Enabling MAC lockout:

switch(config)# mac-lockout 00:00:00:00:00:01

Disabling MAC lockout:

switch(config)# no mac-lockout 00:00:00:00:00:01