Achieving Mac Based Vlans Using Mac Security; Figure 12: Vlan Based Mac-Security; Example 4 - Avaya ERS 3500 Technical Configuration Manual

avaya.com

3.4 Achieving MAC based VLANs using MAC Security

The Avaya modular ERS8800 and VSP9000 products support MAC based VLANs but the Avaya
stackable range does not. This example demonstrates how MAC Security can be used to achieve the
same functionality as MAC based VLANs on the stackable product ranges.
In this example, the network administrator wants to tie down a set of MAC addresses to a given VLAN on
the ethernet switch. Each VLAN will have a number of authorized MAC addresses which are allowed to
communicate on the VLAN across any of the port members of that VLAN. This means that a given MAC
address needs to be able to move across any of the port members of the VLAN. Security Lists are used
to achieve this.

Figure 12: VLAN based MAC-Security; example 4

Since MAC Security MAC learning cannot be used with Security Lists, in this example we are also going
to show a possible workaround to achieve MAC learning on Security Lists.
3.4.1 Using ACLI
3.4.1.1 Initial Switch configuration
Create the Security Lists (one for each VLAN)
Avaya-ERS-Switch(config)# mac-security security-list 1 1-10
Avaya-ERS-Switch(config)# mac-security security-list 2 11-20

Note – Up to 32 Security Lists can be created.
Globally enable MAC Security
Avaya-ERS-Switch(config)# mac-security enable
Enable learning on the access ports
Avaya-ERS-Switch(config)# mac-security learning-ports 1-20
Avaya-ERS-Switch(config)# mac-security learning enable
Avaya Inc. – Internal Distribution
November 2010 63