Avaya C360 Layer 2 Features
136 Installation and Configuration Guide Avaya C360 Multilayer Stackable Switches, version 4.5
MAC Security
The MAC security function is intended to filter incoming frames (from the line) with an
unauthorized source MAC address (SA).
MAC Security Implementation in the C360
When a frame is received on a secured port, its source MAC address is checked against the
secured MAC Address Table. If either the source MAC address is not found there, or it is found
but with a different ingress port location, then the frame is rejected
The C360 can be configured to take one of the following actions when an attempted intrusion
occurs:
● Drop – Drops the packets for five seconds.
● Drop and notify – Drops the packets for five seconds and sends a notification to the
management station.
● Disable and notify – Permanently disables the packets and sends a notification to the
management station.
When the C360 is configured to send traps to report attempted intrusion, to prevent the flooding
of the Console's trap log / network, the Agent sends an intruder alert every five seconds for the
first 3 times a specific intruder is detected on a port, and then every 15 minutes if the intrusion
continues.
You should first enable the MAC security global mode (use the set security mode CLI
command) and then configure the ports which should be secured (use the set port
security CLI command). When setting a port to secured, the MAC addresses that a
currently learnt on this port are preserved and considered as secure MAC, unless they are
removed using clear secure mac command. Individual secure MACs can also be added.
Tip:
Tip: You can add a MAC address to more than one port on the device. This allows a
specific device to communicate with the switch via more than one ingress port.
However the number of secured MAC addresses on any module cannot exceed
1,024.
Note:
Note: Ports that are members of a port redundancy scheme should not be also
configured as secure ports.
To Next Page
Loading...
