CRS125 port locking

I’m looking at using a CRS125 in a situation where I need to lock ports to specific client MAC addresses. I know ACL doesn’t work on these switches but I was looking at the learning options on the switch ports. I’m a little hazy on how that would work (if it’s even the right thing to do!) though. The documentation on these options seems to be very limited and I didn’t find any examples where people had done it before.

If I understand correctly I should be able to disable mac address learning on a per-port basis, but in this case how can I define the mac addresses which can use the port? Alternatively I think I could set the learning limit to one or two as required and allow the switch to learn the devices which are permitted on each port, but then how can I view the mac addresses which each port has learned and, more importantly, how can I remove learned devices when I want to change them in the future?

Or am I barking up completely the wrong tree here? Any thoughts would be appreciated!

I’ve also noticed that, unless I misunderstood somewhere along the way, it seems to be the same in SwOS on the 260GS. The web interface gives me the option to turn on Port Lock and to turn on learning separately, but then there don’t seem to be any options to set a user-defined MAC address if I don’t want to allow the switch to learn the MAC, or to view and reset the learned MAC if I do want the switch to learn.

Given both devices and interfaces have a similar set of functionality, am I missing the point of this option? Does it not do what I want it to do?

Sadly I haven’t managed to find a way to do this. It looks like these devices aren’t quite what I need for this problem. It’s a real shame because the price is right and the added ability to route from selected ports is a real bonus.

Perhaps future software releases will make this a whole lot easier. I’ll keep an eye on it!