Avaya ERS 3500 Technical Configuration Manual page 9
Mac address based security
Hide thumbs
Also See for ERS 3500:
- Regulatory information (90 pages) ,
- Fundamentals (80 pages) ,
- Manual (60 pages)
Table of Contents
Advertisement
Under EDM these options are globally specified as follows:
Note – DA-Filtering is an additional MAC Security functionality which, once enabled, is
permanent to all MAC Security enabled ports (i.e. it does not only apply when a violation is
triggered as could be implied from the EDM Security Action configuration dialog above). With
DA-Filtering it is possible to specify a list of up to 10 MAC addresses to which packets
originating from a MAC Security port are not allowed to send traffic to. The offending traffic is
simply dropped without triggering any violation. This feature is historic and there is no useful
application for this capability in its present form, hence this is not covered any further in this
document.
It should be noted that while an unauthorized device will never be allowed to send traffic into the network
(as its source MAC is blocked) the device can still receive traffic from the network which means the
unauthorized device is able to see broadcast and unknown traffic within the VLAN it is connected to. If
this is deemed to be unsecure, then the port should be partitioned by setting the corresponding Security
Action.
The following table tries to summarize the distinctive characteristics of each of the above 3 modes.
Mode
Feature
Ability to authorize only
manually configured MACs
Ability to assign authorized
MACs to Security lists
instead of ports
Ability to authorize only 1
MAC per port
Ability to authorize only 1
MAC across 2 or more ports
Ability to authorize more
than 1 MAC per port
Discard packets from
unauthorized device/MAC
Prevent unauthorized device
from receiving VLAN traffic
Limit the number of devices
allowed to use an ethernet
November 2010
Regular MAC
Security
Yes
Yes
Yes
Yes (using Security-
lists)
Yes (unlimited)
Yes
Yes (with Security
Action set to Partition)
No
Avaya Inc. – Internal Distribution
Auto-Learning
with MaxMacs
No
No
Yes (with MacMACs =
1; but cannot control
what that MAC will be)
No, any single MAC
will be allowed to
move ports
Yes (25 Max; but
cannot control what
those MACs will be)
Yes
Yes (with Security
Action set to Partition)
Yes
avaya.com
Auto-Learning
with Sticky-Mac
No
No
Yes (with MacMACs =
1)
No
Yes (25 max)
Yes
Yes (with Security
Action set to Partition)
No
9
Hide quick links:
Advertisement
Table of Contents
