Avaya Inc. – Internal Distribution
avaya.com
vlan configcontrol automatic
mlt 1 name "Trunk #1" enable member 23-24
interface FastEthernet ALL
spanning-tree port 1-20 learning fast
spanning-tree port 23-24 learning disable
exit
vlan mgmt 47
mlt spanning-tree 1 stp 1 learning disable
2.1 Ensuring MAC Security can never accidentally be
enabled on uplinks
The MAC Security feature is only intended as a feature to enable on access ports. Accidentally enabling
the feature on the edge switch uplinks can have serious consequences which might end up rendering the
edge switch isolated from the rest of the network.
To prevent this from happening, the ERS5000 and VSP7000 have a MAC Security port lock-out feature
which can be enabled on the switch uplink ports so that they will never enable or accept any MAC
Security related configuration. In our setup we would enable port lock-out on our MLT uplink ports 23&24.
2.1.1 Using ACLI
Enable Port lock-out for MLT uplink ports 23-24
Avaya-ERS-Switch(config)# interface FastEthernet 23-24
Avaya-ERS-Switch(config-if)# mac-security lock-out
Avaya-ERS-Switch(config-if)# exit
Checking Port lock-out for MLT uplink ports 23-24
Avaya-ERS-Switch# show mac-security port 23-24
Port Trunk Security Auto-Learning MAC Number Security Locked-out
---- ----- -------- ------------- ---------- -------------------
23 Disabled Disabled 2 Enabled
24 Disabled Disabled 2 Enabled
To Next Page
Loading...
