Access Security Guide K/KA/KB.15.15

NOTE: A port configured with MAC Lockdown does not accept Multicast MAC
addresses; such a port does accept unicast MAC addresses.
MAC Lockdown, also known as "static addressing," is the permanent assignment of a given MAC
address and VLAN to a specific port on the switch. Use MAC Lockdown to prevent station movement
and MAC address hijacking, and to control address learning on the switch.
Locking down a MAC address on a port and a specific VLAN only restricts the MAC address on
that VLAN. The client device with that MAC address can access other VLANs on the same port
or through other ports.
NOTE: Port security and MAC Lockdown are mutually exclusive on a given port.
Configuring MAC Lockout
Syntax:
[no] lockout-mac mac-address
Locks a MAC address out on the switch and all VLANs.
MAC Lockout involves configuring a MAC address on all ports and VLANs for a switch, so that
any traffic to or from the "locked-out" MAC address is dropped: all data packets addressed to or
from the given address are stopped by the switch. MAC Lockout is like a simple blacklist.
MAC Lockout is configured per switch. To use it you must know the MAC address to block. To
fully lock out a MAC address from the network, you must use the MAC Lockout command on all
switches.
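Because a lockout applies only to the switch it is configured on, a missing entry on any one switch leaves a path open. The following check is an added example, not part of the original guide: it scans saved configurations for lockout-mac lines and reports which switches lack an entry for each blocked address. The switch names, MAC addresses and config excerpts are constructed, and it assumes saved configs list lockouts as lockout-mac lines.

```python
import re

# Constructed config excerpts keyed by hypothetical switch names.
SAMPLE_CONFIGS = {
    "sw-core-1": 'hostname "sw-core-1"\nlockout-mac 001a4b-c2d3e4\nlockout-mac 0060b0-889e00\n',
    "sw-edge-7": 'hostname "sw-edge-7"\nlockout-mac 00:1A:4B:C2:D3:E4\n',
    "sw-edge-9": 'hostname "sw-edge-9"\nvlan 1\n',
}

# Only lines that begin with lockout-mac count; "no lockout-mac ..." removes an entry.
LOCKOUT_RE = re.compile(r"^[ \t]*lockout-mac[ \t]+(\S+)[ \t]*$", re.IGNORECASE | re.MULTILINE)


def normalize_mac(text):
    """Return 12 lowercase hex digits, or raise ValueError for a malformed address."""
    digits = re.sub(r"[-:.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def locked_out(config_text):
    """Collect the MAC addresses locked out by one switch configuration."""
    return {normalize_mac(m.group(1)) for m in LOCKOUT_RE.finditer(config_text)}


def coverage_gaps(configs, blocked):
    """Map each blocked MAC to the sorted list of switches whose config lacks it."""
    wanted = sorted({normalize_mac(m) for m in blocked})
    present = {name: locked_out(text) for name, text in configs.items()}
    return {mac: sorted(name for name, have in present.items() if mac not in have)
            for mac in wanted}


if __name__ == "__main__":
    blocklist = ["001a4b-c2d3e4", "0060b0-889e00"]  # constructed addresses
    for mac, missing in coverage_gaps(SAMPLE_CONFIGS, blocklist).items():
        print(mac, "missing on:", ", ".join(missing) or "none")
```

An empty list for an address means every audited switch carries the lockout; any switch named in the list still forwards traffic for that address.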
Configuring instrumentation monitor
The following commands and parameters are used to configure the operational thresholds that are
monitored on the switch. By default, the instrumentation monitor is disabled.
Syntax:
[no] instrumentation monitor [parameterName|all] [<low|med|high|limitValue>]
[log]
Enables/disables instrumentation monitoring log so that event log messages
are generated every time there is an event which exceeds a configured threshold.
(Default threshold setting when instrumentation monitoring is enabled: enabled)
[all]
Enables/disables all counter types on the switch but does not enable/disable
instrumentation monitor logging. (Default threshold setting when enabled: see
parameter listings below)
[arp-requests]
The number of arp requests that are processed each minute. (Default threshold
setting when enabled: 1000 med)
[ip-address-count]
The number of destination IP addresses learned in the IP forwarding table.
(Default threshold setting when enabled: 1000 med)
[learn-discards]
The number of MAC address learn events per minute discarded to help free
CPU resources when busy. (Default threshold setting when enabled: 100 med)