block port movement with MAC lockdown timeout

Hi All, we're using Summit x480 in an ISP environment to aggregate PPPoE traffic from smaller switches. We'd like to increase the network resiliency/security by prohibiting users from sending frames with a Source MAC address that belongs to another user. MAC lockdown timeout is an ideal feature for this, if we could prohibit port movement. E.g., the switch should not learn the MAC on a new port if there is an existing FDB entry for it already on another port. Is it possible to implement this somehow?

The MACs that users may use can change, so we cannot use static MAC lockdown.
