How to Lock MAC Addresses to Ports

MAC Locking ensures that only specific MAC addresses can access a port, and that traffic from any other MAC addresses will be discarded. There are two kinds of MAC Locking: Dynamic and Static. When you enable Dynamic MAC Locking on a port, the next MAC address that authenticates or accesses the port (up to the maximum number of dynamic locked MAC addresses allowed) will have exclusive access to that port from that time on. Static MAC Locking lets you create a list of locked MAC addresses for a port so that the port only accepts traffic from those MAC addresses.

In order for MAC Locking to take effect on a port, it must be enabled on the port and at the device level. You can enable MAC Locking for a specific port using the Port Properties window MAC Locking Tab, and enable MAC Locking for the device on the MAC Locking Tab (Device), or in the Device Configuration wizard. You can also enable MAC Locking for multiple ports in the Port Configuration wizard. MAC Locking is only available on devices that support it, and is not allowed on backplane and logical ports.

Instructions on:

Dynamic MAC Locking

When Dynamic MAC Locking is enabled on a port, the next MAC address that authenticates or accesses the port (up to the maximum number of dynamic locked MAC addresses allowed) will have exclusive access to that port. Use the Port Configuration Wizard to enable Dynamic MAC Locking on multiple ports, or follow these steps to enable it on a single port.

  1. Select a device in the left-panel Network Elements tab and expand a slot or ports grouping in the right-panel Details view.
  2. Right-click on a port and select Properties from the menu. In the Port Properties window, select the MAC Locking tab (in the top row of tabs).
  3. Select the General sub-tab.
  4. Enable MAC Locking on the port. If the device does not support MAC locking, this option is grayed out.
  5. In the MAC Locking Limits area, set the maximum number of MAC addresses that can be locked dynamically on the port. The numbers in parentheses let you know the range of allowed values for the particular port.
  6. Click Apply.

Static MAC Locking

Static MAC Locking lets you create a list of locked MAC addresses for a port so that the port only accepts traffic from those MAC addresses. You can add Static MAC Locking to a single port or multiple ports.

On a Single Port

  1. Select a device in the left-panel Network Elements tab and expand a slot or ports grouping in the right-panel Details view.
  2. Right-click on a port and select Properties from the menu. In the Port Properties window, select the MAC Locking tab (in the top row of tabs).
  3. Select the General sub-tab.
  4. Enable MAC Locking on the port. If the device does not support MAC locking, this option is grayed out.
  5. In the MAC Locking Limits area, set the maximum number of static MAC addresses that can be locked on the port. The numbers in parentheses let you know the range of allowed values for the particular device. Click Apply.
  6. You can move all Dynamic Locked MAC addresses (with the Locking Cause of "First Arrival") to Static Locked MAC addresses by clicking the Apply button in the Static MAC area. Make sure that the Maximum Number of Static Locked MAC Addresses is set to a large enough value to accommodate all the addresses.
  7. In the Locked MAC Addresses sub-tab, click Retrieve to populate the Locked MAC Addresses table with a list of the MAC addresses currently locked on the selected port.
  8. Click the Add button to open the Add Static MAC window where you can add to the list of locked MAC addresses for the port.
  9. In the Add Static MAC window, the Detected MACs table lists the addresses detected on the selected port and their corresponding index number.
  10. In the Detected MACs table, select the desired MAC address(es) and click Add to list the address(es) in the Statically Add MACs list. You can also enter a MAC address and index number, then click Add to add the address to the Statically Add MACs list. To remove an address from the Statically Add MACs table, select the address(es) and click Remove.
  11. Click OK.

On Multiple Ports

  1. In the Network Elements tab, select a single device, a device group, or the All Devices folder.
  2. Select the MAC Locking tab in the right panel, and click Retrieve to display the current list of locked MAC addresses for the selected device(s) or port group. (If the device does not support the MAC locking feature, the Retrieve and Add buttons are grayed out.)
  3. You can move all Dynamic Locked MAC addresses (with the Locking Cause of "First Arrival") to Static Locked MAC addresses by clicking the Apply button in the Static MAC area. To ensure that all Dynamic Locked MAC addresses are changed to Static, make sure that the Maximum Number of Static Locked MAC Addresses is set to a large enough value in the Port Properties window MAC Locking Tab.
  4. Click the Add button to open the Add Static MAC window where you can create a list of locked MAC addresses.
  5. In the Add Static MAC window, the Detected MACs table lists the addresses detected on the selected device(s) and their corresponding index number and device IP address. (Only MAC addresses for devices that support MAC Locking are displayed.) If you have selected a single device in the left-panel tree, the Device column in the table is not displayed.
  6. In the Detected MACs table, select the desired MAC address(es) and click Add to list the address(es) in the Statically Add MACs list. You can also enter a MAC address and index number, and select a device from the dropdown list, then click Add to add the address to the Statically Add MACs list. (If you have selected a single device in the left-panel tree, the Device dropdown list is not displayed.) To remove an address from the Statically Add MACs table, select the address(es) and click Remove.
  7. Click OK.

Related Information

For information on related concepts:

For information on related tasks:

For information on related windows:

Top