Table 3: Mac Security Config Commands Vs. Mode Matrix - Avaya ERS 3500 Technical Configuration Manual

The table below attempts to clarify which CLI commands are relevant to each of the above modes.
Commands which are not listed for a given mode are not to be used for that mode.
Mode / Context Global config commands
mac-security enable|disable
Common to all 3
modes
[no] mac-security snmp-trap
mac-security intrusion-detect
forever|enable|disable
mac-security intrusion-timer <0-65535>
mac-security snmp-lock enable|disable
[no] mac-security security-list <list>
Regular MAC
<ports>
Security
mac-security mac-address-table address
<MAC> port <port>
mac-security mac-address-table address
<MAC> security-list <list>
mac-security learning enable|disable
mac-security learning-ports <ports>
Auto-Learning
with MaxMacs
[no] mac-security auto-learning sticky
Auto-Learning
with Sticky-Mac
mac-security mac-address-table sticky-
address <MAC> port <port>

Table 3: MAC Security config commands vs. mode matrix

This document will use some real life examples where each of the above modes can be used.
Note that another option for authenticating devices by MAC address is Non-EAP (NEAP) authentication
whereby source MAC addresses are authenticated against a centralized RADIUS Server. NEAP was
designed for network environments where 802.1X EAP is deployed for network access control in order to
allow non-EAP devices, such as a printer or security camera which lacked the 802.1X supplicant.
Although not explored as part of this configuration guide, NEAP is another option for authenticating
connecting devices based on MAC Address.
November 2010
Avaya Inc. – Internal Distribution
avaya.com
Interface config commands
mac-security enable|disable
[no] mac-security lock-out
[no] mac-security learning
mac-security auto-learning
enable|disable max-addrs <X>
mac-security auto-learning
enable|disable max-addrs <X>
11