3.2 Ensuring that no new unauthorized device (MAC) is added to the network
In this example the network administrator wants to start using MAC Security but does not have the time or
will to manually configure every MAC address that is already on the network. The assumption is that the
MAC addresses already on the network are allowed. The intention is that, once MAC Security has been
enabled, no further device (MAC) can be added to the network or moved to a different port without the
knowledge and permission of the network administrator.
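The policy described above, as an added illustration that is not part of the original guide or of the switch software: a Python model that learns a baseline of MAC-to-port bindings and then classifies later observations as a new (unauthorized) MAC or a learned MAC moved to a different port. The MAC addresses, port numbers and function names are constructed for the example.

```python
import re

def normalize_mac(mac: str) -> str:
    """Canonicalize a MAC written with ':', '-' or '.' separators to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def learn_baseline(observations):
    """Learning phase: every (mac, port) seen is trusted and bound to its port."""
    baseline = {}
    for mac, port in observations:
        baseline[normalize_mac(mac)] = port
    return baseline

def audit(baseline, observations):
    """Locked phase: report anything that is not a learned MAC on its learned port."""
    findings = []
    for mac, port in observations:
        mac = normalize_mac(mac)
        if mac not in baseline:
            findings.append(("NEW_MAC", mac, port))   # device never seen while learning
        elif baseline[mac] != port:
            findings.append(("MOVED", mac, port))     # known device on a different port
    return findings

# Constructed sample data (locally administered addresses, hypothetical ports)
LEARNED = [("02-00-00-AA-00-01", 1), ("02:00:00:aa:00:02", 2), ("0200.00aa.0003", 3)]
LATER = [
    ("02:00:00:AA:00:01", 1),   # learned MAC on its learned port: allowed
    ("02:00:00:AA:00:02", 7),   # learned MAC on another port: moved
    ("02:00:00:BB:00:09", 3),   # never learned: new device
]

if __name__ == "__main__":
    for kind, mac, port in audit(learn_baseline(LEARNED), LATER):
        print(f"{kind:8} {mac} on port {port}")
```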
3.2.1 Using ACLI
3.2.1.1 Initial Switch configuration
Globally enable MAC Security
Avaya-ERS-Switch(config)# mac-security enable
Enable learning on the access ports
Avaya-ERS-Switch(config)# mac-security learning-ports 1-20
Avaya-ERS-Switch(config)# mac-security learning enable
Note – There is an alternative syntax for enabling learning on the port interfaces:
Avaya-ERS-Switch(config)# interface FastEthernet 1-20
Avaya-ERS-Switch(config-if)# mac-security learning
Avaya-ERS-Switch(config-if)# exit
Verify that MAC Security learning mode is enabled
Avaya-ERS-Switch# show mac-security config
MAC Address Security: Enabled
MAC Address Security SNMP-Locked: Disabled
November 2010
Figure 7: Regular MAC Security; example 2
Avaya Inc. – Internal Distribution
avaya.com