Avaya P333R-LB Manuel D’Utilisation
Chapter 11
Avaya P330 Layer 2 Features
76
Avaya
P333R-LB User’s Guide
MAC Security
The MAC security function is intended to filter incoming frames (from the line) with
an unauthorized source MAC address (SA).
an unauthorized source MAC address (SA).
MAC Security Implementation in P330
When a frame is received on a secured port, its SA is checked against the MAC
Address Table. If either the SA is not found there, or it is found but with a different
port location, then the frame is rejected without being learned. A message is then
sent to the CPU.
The Agent reports the attempted intrusion via an SNMP security violation trap
containing the intruder's MAC address. To prevent the flooding of the Console's
trap log / network, the Agent sends an intruder alert every 5 seconds for the first 3
times a specific intruder is detected on a port, and then every 15 minutes if the
intrusion continues.
User should first enable the MAC security global mode (set security mode)
and then configure the ports which should be secured (set port security).
When setting a port to secured, the MAC addresses that a currently learnt on this
port are preserved and considered as secure MAC, unless they are removed using
clear secure mac
Address Table. If either the SA is not found there, or it is found but with a different
port location, then the frame is rejected without being learned. A message is then
sent to the CPU.
The Agent reports the attempted intrusion via an SNMP security violation trap
containing the intruder's MAC address. To prevent the flooding of the Console's
trap log / network, the Agent sends an intruder alert every 5 seconds for the first 3
times a specific intruder is detected on a port, and then every 15 minutes if the
intrusion continues.
User should first enable the MAC security global mode (set security mode)
and then configure the ports which should be secured (set port security).
When setting a port to secured, the MAC addresses that a currently learnt on this
port are preserved and considered as secure MAC, unless they are removed using
clear secure mac
command. Individual secure MACs can also be added.
Note:
If the secure MAC editing command are to be implemented on a switch other
than the stack master, a session should be opened to the relevant switch.
Note:
Ports that are members of a port redundency scheme should not be also
configured as secure ports.
MAC Security CLI Commands
The following table contains a list of the CLI commands for the MAC Security
feature. The rules of syntax and output examples are all set out in detail in the P330
Reference Guide.
feature. The rules of syntax and output examples are all set out in detail in the P330
Reference Guide.
Table 11.4
MAC Security CLI Commands
In order to...
Use the following command...
Enable or disable the switch MAC
security
security
set security mode