Enable Auto-Learning, MacMac=1 and MAC Security on the access ports
Avaya-ERS-Switch(config)# interface FastEthernet 1-20
Avaya-ERS-Switch(config-if)# mac-security auto-learning enable max-addrs 1
Avaya-ERS-Switch(config-if)# mac-security enable
Avaya-ERS-Switch(config-if)# exit
Enable permanent partition of the port upon security violation
Avaya-ERS-Switch# mac-security intrusion-detect forever
Tip – It is also possible to partition the port just temporarily, instead of permanently using these
commands:
Avaya-ERS-Switch# mac-security intrusion-detect enable
Avaya-ERS-Switch# mac-security intrusion-timer <0-65535>
4.1.1.2 Checking MAC Security operational status
Verify that MAC Security is globally enabled
Avaya-ERS-Switch# show mac-security config
MAC Address Security: Enabled
MAC Address Security SNMP-Locked: Disabled
Partition Port on Intrusion Detected: Forever
DA Filtering on Intrusion Detected: Disabled
MAC Auto-Learning Age-Time:
MAC Auto-Learning Sticky Mode: Disabled
Current Learning Mode: Disabled
Learn by Ports: NONE
Verify that Auto-Learning, MaxMac=1 and MAC Security is enabled on the access ports
Avaya-ERS-Switch# show mac-security port
Port
Trunk
Security
----
-----
--------
1
Enabled
2
Enabled
3
Enabled
4
Enabled
5
Enabled
6
Enabled
November 2010
60 minutes
Auto-Learning
MAC Number
-------------
----------
Enabled
1
Enabled
1
Enabled
1
Enabled
1
Enabled
1
Enabled
1
Avaya Inc. – Internal Distribution
avaya.com
75