Avaya Inc. – Internal Distribution
avaya.com
The table below shows which CLI commands are relevant to each of the above modes.
Commands that are not listed for a given mode must not be used in that mode.
Mode / Context: Common to all 3 modes
  Global config commands:
    mac-security enable|disable
    [no] mac-security snmp-trap
    mac-security intrusion-detect forever|enable|disable
    mac-security intrusion-timer <0-65535>
    mac-security snmp-lock enable|disable
  Interface config commands:
    mac-security enable|disable
    [no] mac-security lock-out

Mode / Context: Regular MAC Security
  Global config commands:
    [no] mac-security security-list <list> <ports>
    mac-security mac-address-table address <MAC> port <port>
    mac-security mac-address-table address <MAC> security-list <list>
    mac-security learning enable|disable
    mac-security learning-ports <ports>
  Interface config commands:
    [no] mac-security learning

Mode / Context: Auto-Learning with MaxMacs
  Global config commands:
    (none listed)
  Interface config commands:
    mac-security auto-learning enable|disable max-addrs <X>

Mode / Context: Auto-Learning with Sticky-Mac
  Global config commands:
    [no] mac-security auto-learning sticky
    mac-security mac-address-table sticky-address <MAC> port <port>
  Interface config commands:
    mac-security auto-learning enable|disable max-addrs <X>

Table 3: MAC Security config commands vs. mode matrix
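
One way to check a saved configuration against the rule that commands not listed for a mode must not be used in it. This is an added example, not part of the Avaya guide: it encodes Table 3 and flags mac-security lines that fall outside the chosen mode. The mode keys (regular, maxmacs, sticky), the "interface ..." / "exit" context markers and the sample config are assumptions constructed for illustration.

```python
# Table 3 as data. Assumed: "interface ..." opens interface context, "exit" closes it.
COMMON = {"global": {"enable", "disable", "snmp-trap", "intrusion-detect",
                     "intrusion-timer", "snmp-lock"},
          "interface": {"enable", "disable", "lock-out"}}
MODES = {
    "regular": {"global": {"security-list", "mac-address-table address",
                           "learning", "learning-ports"},
                "interface": {"learning"}},
    "maxmacs": {"global": set(), "interface": {"auto-learning"}},
    "sticky": {"global": {"auto-learning sticky",
                          "mac-address-table sticky-address"},
               "interface": {"auto-learning"}},
}

def command_key(line):
    """Reduce a mac-security line to its Table 3 stem, or None if unrelated."""
    words = line.removeprefix("no ").split()
    if words[:1] != ["mac-security"] or len(words) < 2:
        return None
    head, rest = words[1], words[2:]
    if head == "mac-address-table" and rest:
        return f"{head} {rest[0]}"  # address vs. sticky-address
    if head == "auto-learning" and rest[:1] == ["sticky"]:
        return "auto-learning sticky"
    return head

def lint(config, mode):
    """Return (line_no, context, text) for commands Table 3 omits for mode."""
    context, findings = "global", []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("interface ") or line == "exit":
            context = "global" if line == "exit" else "interface"
        key = command_key(line)
        if key and key not in COMMON[context] | MODES[mode][context]:
            findings.append((no, context, line))
    return findings

# Constructed sample: a Sticky-Mac config with two leftover Regular-mode lines.
SAMPLE = """mac-security enable
mac-security auto-learning sticky
mac-security learning-ports 1-4
interface fastEthernet 5
mac-security auto-learning enable max-addrs 2
mac-security learning
exit"""

if __name__ == "__main__":
    print(*lint(SAMPLE, "sticky"), sep="\n")
```

Linting the same sample as "regular" instead flags the sticky and auto-learning lines, which makes a half-migrated configuration visible from either direction.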
This document will use some real-life examples where each of the above modes can be used.
Note that another option for authenticating devices by MAC address is Non-EAP (NEAP) authentication,
whereby source MAC addresses are authenticated against a centralized RADIUS server. NEAP was
designed for network environments where 802.1X EAP is deployed for network access control, in order to
admit non-EAP devices, such as a printer or security camera, that lack an 802.1X supplicant.
Although not explored as part of this configuration guide, NEAP is another option for authenticating
connecting devices based on MAC address.