Avaya P334T-ML Manuel D’Utilisation
Chapter 11 Avaya P330 Layer 2 Features
Avaya P334T-ML User’s Guide
95
MAC Security
The MAC security function is intended to filter incoming frames (from the line) with
an unauthorized source MAC address (SA).
an unauthorized source MAC address (SA).
MAC Security Implementation in P330
When a frame is received on a secured port, its source MAC address is checked
against the secured MAC Address Table. If either the source MAC address is not
found there, or it is found but with a different ingress port location, then the frame
is rejected. Tagged traffic from a secured MAC address on the ingress port on which
it was learned is accepted by the switch if the VLAN binding mode of the traffic is
the same as the VLAN binding mode of the ingress port.
The P330 can be configured to take one of the following actions when an attempted
intrusion occurs:
•
against the secured MAC Address Table. If either the source MAC address is not
found there, or it is found but with a different ingress port location, then the frame
is rejected. Tagged traffic from a secured MAC address on the ingress port on which
it was learned is accepted by the switch if the VLAN binding mode of the traffic is
the same as the VLAN binding mode of the ingress port.
The P330 can be configured to take one of the following actions when an attempted
intrusion occurs:
•
Drop
– Drops the packets for 5 seconds.
•
Drop and notify
– Drops the packets for 5 seconds and sends a notification to
the management station.
•
Disable and notify
– Permanently disables the packets and sends a notification
to the management station.
When the P330 is configured to send traps to report attempted intrusion, to prevent
the flooding of the Console's trap log / network, the Agent sends an intruder alert
every 5 seconds for the first 3 times a specific intruder is detected on a port, and then
every 15 minutes if the intrusion continues.
User should first enable the MAC security global mode (set security mode)
and then configure the ports which should be secured (set port security).
When setting a port to secured, the MAC addresses that a currently learnt on this
port are preserved and considered as secure MAC, unless they are removed using
clear secure mac
the flooding of the Console's trap log / network, the Agent sends an intruder alert
every 5 seconds for the first 3 times a specific intruder is detected on a port, and then
every 15 minutes if the intrusion continues.
User should first enable the MAC security global mode (set security mode)
and then configure the ports which should be secured (set port security).
When setting a port to secured, the MAC addresses that a currently learnt on this
port are preserved and considered as secure MAC, unless they are removed using
clear secure mac
command. Individual secure MACs can also be added.
L A MAC address can be added to more than one port on the device. This allows
a specific device to communicate with the switch via more than one ingress
port. However the number of secured MAC addresses on any module cannot
exceed 1,024.
port. However the number of secured MAC addresses on any module cannot
exceed 1,024.
L Ports that are members of a port redundancy scheme should not be also
configured as secure ports.