Using Mac Security To Tie Down Server Macs Using Active/Standby Nics; Figure 9: Mac-Security With Active-Standby Nics; Example 3 - Avaya ERS 3500 Technical Configuration Manual
Mac address based security
Hide thumbs
Also See for ERS 3500:
- Regulatory information (90 pages) ,
- Fundamentals (80 pages) ,
- Manual (60 pages)
Table of Contents
Advertisement
avaya.com
3.3 Using MAC Security to tie down Server MACs
using Active/Standby NICs
In this example, again another military favorite, we want to use MAC Security in the Data Centre on the
server aggregation switches but with the added challenge that the servers can be using dual NICs in
Active/Standby fashion.
Figure 9: MAC-Security with Active-Standby NICs; example 3
This means that the server MAC address will normally be seen on the ethernet port corresponding to the
Active NIC but can move to an alternative ethernet port corresponding to the Standby NIC.
In this example we will use Security Lists which will allow us to tie the authorized MAC addresses to a
Security List instead of an ethernet port. The security list will then include the two ethernet ports where
the server NICs are connected.
3.3.1
Using ACLI
3.3.1.1 Initial Switch configuration
Create the Security Lists (one for each server)
Avaya-ERS-Switch(config)# mac-security security-list 1 7-8
Avaya-ERS-Switch(config)# mac-security security-list 2 9-10
Note – Up to 32 Security Lists can be created.
Globally enable MAC Security
Avaya-ERS-Switch(config)# mac-security enable
Enable MAC Security on the access ports
Avaya-ERS-Switch(config)# interface FastEthernet 1-20
Avaya-ERS-Switch(config-if)# mac-security enable
Avaya Inc. – Internal Distribution
November 2010
49
Hide quick links:
Advertisement
Table of Contents
