Introduction; Table 1: Mac Security Support Across Avaya Switch Family Types - Avaya ERS 3500 Technical Configuration Manual
Mac address based security
Hide thumbs
Also See for ERS 3500:
- Regulatory information (90 pages) ,
- Fundamentals (80 pages) ,
- Manual (60 pages)
Table of Contents
Advertisement
1. Introduction
The MAC Security feature offers a number of different ways to restrict access to the network based on the
sender's MAC address as well as the number of source MACs seen on the ethernet access port.
The ERS stackables MAC Security feature dates back from the Baystack BaySecure which originally
supported the basic static MAC security mode as well as an Auto-Learning mode which was later
enhanced with the addition of a Sticky MAC support.
The following list provides a breakdown per switch family in terms of additional MAC Security components
and starting from which software version they first became available:
ERS 5000
4.2.0
SW
MAC Security Static & Auto-Learning
6.2.0
SW
MAC Security port lock-out enhancement
6.2.0
SW
MAC Security Auto-Learning Sticky MAC Address
ERS 4000
5.0.0
SW
MAC Security Static & Auto-Learning
5.2.2
SW
MAC Security Auto-Learning Sticky MAC Address
5.4.0
SW
MAC Security Auto-Learning Sticky MAC Address
ERS 3500
5.0.0
SW
MAC Security Static & Auto-Learning & Sticky MAC Address
ERS 2500
4.0.0
SW
MAC Security Static
4.2.0
SW
MAC Security Auto-Learning
4.4.0
SW
MAC Security Auto-Learning Sticky MAC Address
VSP 7000
10.2.0 SW
MAC Security Static & Auto-Learning & Sticky MAC Address
10.2.0 SW
MAC Security port lock-out enhancement
Table 1: MAC Security support across Avaya switch family types
This document will focus on the full capabilities of the MAC Security feature regardless of stackable
switch family type (i.e. assuming a software release greater or equal to the last one shown in the list
above).
First and foremost it is necessary to clarify the various modes and options available. There are essentially
three useful ways to use the MAC Security feature:
1. Regular MAC Security where a list of allowed MAC addresses is configured against either
individual ethernet ports or security lists (which constitute a set of ethernet ports).
There is no limit to how many MACs can be assigned to a given port, the only limit being that a
maximum of 448 MAC can be configured in the MAC Security MAC table.
If a packet is then received on a MAC Security enabled port with a source MAC address which is
not in the list of allowed MAC addresses for that port (or security list) this will trigger a violation
and the packet will be discarded.
The list of authorized MAC addresses can be manually configured and/or updated at any time.
It is also possible to populate the authorized MAC addresses list for a given port by temporarily
suspending MAC Security and activating the Learning mode on selected ports for one-shot
learning. However, currently there is no way to leverage Learning against Security-Lists.
Either way, when a new ethernet access port is to be used, populating the allowed MACs for that
November 2010
Avaya Inc. – Internal Distribution
avaya.com
7
Hide quick links:
Advertisement
Table of Contents
