MACLOCK preventing unauthorized mac address


I want to configure a B5's port (firmware 6.81) with something like Cisco port security. I want to statically provision a MAC port lock. I configured this:

set maclock enable
set maclock trap ge.6.30 enable violation
set maclock syslog ge.6.30 enable violation
set maclock static ge.6.30 1
set maclock 00:1d:70:96:8c:1c ge.6.30 create

If another device with a different MAC address connects to this port, the port goes down.

This way doesn't work; I tested it.

Can anyone help me?


10 replies

Userlevel 7
I'm not an expert but I think you'd need this command ...

# set maclock disable-port

If it doesn't work could you provide a screenshot of "show maclock"

Userlevel 7
That works for me.....

G3(su)-> show config maclock
set maclock enable
set maclock static ge.1.8 1
set maclock firstarrival ge.1.8 0
set maclock disable-port ge.1.8
set maclock enable ge.1.8
set maclock 00:1d:70:96:8c:1c ge.1.8 create

G3(su)->show maclock ge.1.8
MAC locking is globally enabled

Port     Port Trap     Syslog  Aging Port     Clr Max Max  Last Violating
Number   Stat Thr|Viol Thr|Viol Stat Dis|Viol OLC Stc FA   MAC Address
-------- ---- -------- -------- ---- -------- --- --- ---- -----------------
ge.1.8   ena  dis|dis  dis|dis  dis  ena|ena  ena 1   0    00:04:96:8b:d2:98

G3(su)->show port status ge.1.8
          Alias        Oper    Admin   Speed
Port      (truncated)  Status  Status  (bps)     Duplex  Type
--------- ------------ ------- ------- --------- ------- ------------
ge.1.8    XOS_X430     Down    Up      N/A       N/A     BaseT RJ45/PoE
Hi Ronald.

I configured "set maclock disable-port", but it doesn't work. I configured "set maclock firstarrival ge.6.30 1" too; it works in case more than 2 MAC addresses try to connect to the port, a switch for example.

Screenshot of "show maclock":

Ronald, it works now.

Did you notice my configuration "set maclock firstarrival ge.6.30 1"?

When I saw your configuration "set maclock firstarrival ge.1.8 0", I changed mine and it was OK. The port locked when the different MAC address showed up.

Thanks, Ronald.
Userlevel 7
Great, glad that I was able to help.

Thanks again, Ronald.

Hi, Ronald.

Another request for help.

Look what has happened. The MAC address marked "last violation" is not connected, as if this MAC address were prohibited.

Do you know how I can clear this entry?
Userlevel 7
You could clear the violation with this command....

G3(su)->clear maclock violation disable-port ge.1.8
I did this, but it doesn't clear.

If I configure the port with firstarrival 0, the device with this MAC doesn't work.

SW_B5_7B(su)->show mac port ge.6.30
No entries found.

Thanks again for your help.
Ronald, I understand.

I have to create each MAC address I want to connect to this port.
When a change happens, I will create a new entry and delete the old MAC.

set maclock 00:0e:08:d4:c7:9f ge.6.30 create
set maclock 00:1d:70:96:8c:1c ge.6.30 create

What do you think? Is it correct?
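
The settings the thread converged on (maclock enabled globally and on the port, firstarrival 0, disable-port set, one created MAC per static slot) can be checked against saved "show config maclock" output. This is an added example, not code from any poster in the thread; the function name `audit_maclock` and the sample text are constructed here, and a port with no firstarrival line is flagged because the thread does not state the default.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the "show config maclock" output in the thread.
SAMPLE = """\
set maclock enable
set maclock static ge.1.8 1
set maclock firstarrival ge.1.8 0
set maclock disable-port ge.1.8
set maclock enable ge.1.8
set maclock 00:1d:70:96:8c:1c ge.1.8 create
set maclock static ge.6.30 1
set maclock firstarrival ge.6.30 1
set maclock 00:1d:70:96:8c:1c ge.6.30 create
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
PORT = r"[a-z]+\.\d+\.\d+"

def audit_maclock(config):
    """Return {port: [findings]} for ports that differ from the working setup."""
    global_on = False
    ports = defaultdict(lambda: {"static": None, "firstarrival": None,
                                 "disable-port": False, "enable": False, "macs": set()})
    for line in (l.strip().lower() for l in config.splitlines()):
        if line == "set maclock enable":
            global_on = True
        elif m := re.fullmatch(rf"set maclock (static|firstarrival) ({PORT}) (\d+)", line):
            ports[m[2]][m[1]] = int(m[3])
        elif m := re.fullmatch(rf"set maclock (disable-port|enable) ({PORT})", line):
            ports[m[2]][m[1]] = True
        elif m := re.fullmatch(rf"set maclock ({MAC}) ({PORT}) create", line):
            ports[m[2]]["macs"].add(m[1])
    report = {}
    for port, p in ports.items():
        issues = []
        if not global_on:
            issues.append("maclock not enabled globally")
        if not p["enable"]:
            issues.append("maclock not enabled on port")
        if p["firstarrival"] != 0:  # assumption: a missing line is not treated as 0
            issues.append(f"firstarrival is {p['firstarrival']}, expected 0")
        if not p["disable-port"]:
            issues.append("disable-port not set")
        if not p["macs"] or len(p["macs"]) > (p["static"] or 0):
            issues.append(f"{len(p['macs'])} static MAC(s) vs static limit {p['static']}")
        if issues:
            report[port] = issues
    return report
```

Calling `audit_maclock(SAMPLE)` reports only ge.6.30; a port with two created MACs and `static ... 1`, as in the last post, is reported for exceeding its static limit.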