Use the VLAN MAC Locking Status page to configure VLAN MAC Locking. VLAN MAC locking allows you to secure the network by locking down allowable MAC addresses on a given VLAN. Packets with a matching source MAC address can be forwarded normally. All other packets will be discarded. VLAN MAC locking will lock the dynamic MAC entries.
If VLAN and port MAC locking are enabled, VLAN MAC locking will be given precedence over port MAC locking.
To access this page, click
in the navigation menu.Field | Description |
---|---|
VLAN ID | The VLAN ID specified in the Ethernet frame received by the interface. |
Interface | The interface associated with the rest of the data in the row. |
Dynamic MAC Address | The MAC address that was learned on the device. An address is dynamically learned when a frame arrives on the interface and the source MAC address in the frame is added to the MAC address table. |
Max Dynamic Addresses Allowed | The number of source MAC addresses that can be dynamically learned on an interface. If an interface reaches the configured limit, any other addresses beyond that limit are not learned, and the frames are discarded. Frames with a source MAC address that has already been learned will be forwarded. A dynamically-learned MAC address is removed from the MAC address table if the entry ages out, the link goes down, or the system reboots. Note that the behavior of a dynamically-learned address changes if the sticky mode for the interface is enabled or the address is converted to a static MAC address. |
Operational MAC Limit | The number of source MAC addresses that are dynamically currently reached to that of Maximum Configured MAC Limit. |
Violation Shutdown Mode | After MAC limit has reached, action will shut down the ports participating in the VLAN. |
Violation Trap Mode | After MAC limit has reached, a log message will be generated with violation MAC address details. |
To configure The VLAN MAC Locking, use the following buttons to perform the tasks: