Configuring and Monitoring Port Security
MAC Lockout
MAC Lockout overrides MAC Lockdown, port security, and 802.1X authentication.
You cannot use MAC Lockout to lock:
• Broadcast or Multicast Addresses (Switches do not learn these)
• Switch Agents (The switch’s own MAC Address)
A MAC address can exist on many different VLANs, so a lockout MAC address
must be added to the MAC table as a drop. As this can quickly fill the MAC
table, restrictions are placed on the number of lockout MAC addresses based
on the number of VLANs configured.
There are limits for the number of VLANs, Multicast Filters, and Lockout
MACs that can be configured concurrently as all use MAC table entries. The
limits are shown below.
Table 14-17. Limits on Lockout MACs
VLANs Configured   Number of MAC Lockout Addresses   Total Number of MAC Addresses
1-8                200                               1,600
9-16               100                               1,600
17-256             64                                16,384
257-1024           16                                16,384
1025-2048          8                                 16,384
# VLANs      # Multicast Filters   # Lockout MACs
<= 1024      16                    16
1025-2048    8                     8