Ensuring Mac Security Can Never Accidentally Be Enabled On Uplinks - Avaya ERS 3500 Technical Configuration Manual
Mac address based security
Hide thumbs
Also See for ERS 3500:
- Regulatory information (90 pages) ,
- Fundamentals (80 pages) ,
- Manual (60 pages)
Table of Contents
Advertisement
vlan ports 23-24 pvid 47
vlan configcontrol automatic
mlt 1 name "Trunk #1" enable member 23-24
interface FastEthernet ALL
spanning-tree port 1-20 learning fast
spanning-tree port 23-24 learning disable
exit
vlan mgmt 47
mlt spanning-tree 1 stp 1 learning disable
2.1 Ensuring MAC Security can never accidentally be
enabled on uplinks
The MAC Security feature is only intended as a feature to enable on access ports. Accidentally enabling
the feature on the edge switch uplinks can have serious consequences which might end up rendering the
edge switch isolated from the rest of the network.
To prevent this from happening, the ERS5000 and VSP7000 have a MAC Security port lock-out feature
which can be enabled on the switch uplink ports so that they will never enable or accept any MAC
Security related configuration. In our setup we would enable port lock-out on our MLT uplink ports 23&24.
2.1.1
Using ACLI
Enable Port lock-out for MLT uplink ports 23-24
Avaya-ERS-Switch(config)# interface FastEthernet 23-24
Avaya-ERS-Switch(config-if)# mac-security lock-out
Avaya-ERS-Switch(config-if)# exit
Checking Port lock-out for MLT uplink ports 23-24
Avaya-ERS-Switch# show mac-security port 23-24
Port
Trunk
Security
----
-----
--------
23
Disabled
24
Disabled
November 2010
Auto-Learning
MAC Number Security Locked-out
-------------
---------- -------------------
Disabled
2
Disabled
2
Avaya Inc. – Internal Distribution
Enabled
Enabled
avaya.com
13
Hide quick links:
Advertisement
Table of Contents
