avaya.com
5. Auto-Learning with Sticky-MAC example
5.1 MAC Security without having to pre-provision ports when new devices added
In this example, the network administrator wants the benefits of MAC Security (as provided by regular
MAC Security configuration) but does not want the hassle of manually provisioning MAC Security
ports whenever a new device is added to the network. The assumption is that when a new device is
added to the network, the new MAC address recorded on the Ethernet port is automatically tied to that port
and considered authorized. In this scenario, a violation occurs when a known MAC address moves to a
different access port, or when additional MAC addresses are seen on an access port where a MAC address
was already recorded.
Figure 18: MAC Security without any provisioning of new devices; example 6
5.1.1 Using ACLI
5.1.1.1 Initial Switch configuration
Globally enable MAC Security
Avaya-ERS-Switch(config)# mac-security enable
Enable Auto-Learning Sticky-MAC mode
Avaya-ERS-Switch(config)# mac-security auto-learning sticky
Enable Auto-Learning with a maximum of 1 MAC address (max-addrs 1) and MAC Security on the access ports
Avaya-ERS-Switch(config)# interface FastEthernet 1-20
Avaya-ERS-Switch(config-if)# mac-security auto-learning enable max-addrs 1
Avaya-ERS-Switch(config-if)# mac-security enable
Avaya-ERS-Switch(config-if)# exit
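
The learn-or-violate decision that section 5.1 describes for ports configured this way, modelled in Python as an added example (not Avaya code or switch output). The class, function and verdict names are assumptions, the MAC addresses are constructed, and the action the switch takes on a violation is not modelled.

```python
# Simplified model of the sticky-MAC policy described in section 5.1.
# Not Avaya code: class, method and verdict names are assumptions for illustration.
from dataclasses import dataclass, field


@dataclass
class StickyMacModel:
    max_addrs: int = 1                            # mirrors "max-addrs 1" on the access ports
    by_port: dict = field(default_factory=dict)   # port -> set of MACs learned on it
    by_mac: dict = field(default_factory=dict)    # MAC -> port it is bound to

    def observe(self, port: int, mac: str) -> str:
        mac = mac.lower()
        bound = self.by_mac.get(mac)
        if bound == port:
            return "permit"                 # known MAC on the port it was learned on
        if bound is not None:
            return "violation:mac-moved"    # known MAC seen on a different port
        learned = self.by_port.setdefault(port, set())
        if len(learned) >= self.max_addrs:
            return "violation:extra-mac"    # port already holds its allowed MAC(s)
        learned.add(mac)                    # first sighting: bind the MAC to this port
        self.by_mac[mac] = port
        return "learned"


def classify(events, max_addrs=1):
    """Run (port, mac) sightings through the model and return the verdicts."""
    model = StickyMacModel(max_addrs=max_addrs)
    return [(port, mac, model.observe(port, mac)) for port, mac in events]


# Constructed sample sightings: (access port, source MAC)
SAMPLE_EVENTS = [
    (1, "00:11:22:33:44:01"),   # new device on port 1
    (2, "00:11:22:33:44:02"),   # new device on port 2
    (1, "00:11:22:33:44:01"),   # same device, same port
    (2, "00:11:22:33:44:01"),   # port 1's device appears on port 2
    (1, "00:11:22:33:44:99"),   # second device behind port 1
    (3, "00:11:22:33:44:99"),   # that device connected to unused port 3
]

if __name__ == "__main__":
    for port, mac, verdict in classify(SAMPLE_EVENTS):
        print(f"port {port:>2}  {mac}  {verdict}")
```

In this model a MAC that is refused as an extra address is not recorded, so it is learned normally when it later appears on a port with no address bound.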
Avaya Inc. – Internal Distribution
November 2010