Avaya ERS 3500 - Using MAC Security to Tie down Server Macs Using Active;Standby Nics; Figure 9: MAC-Security with Active-Standby Nics; Example 3

To Next Page

To Previous Page

Avaya Inc. – Internal Distribution

avaya.com

November 2010

3.3 Using MAC Security to tie down Server MACs

using Active/Standby NICs

In this example, again another military favorite, we want to use MAC Security in the Data Centre on the

server aggregation switches but with the added challenge that the servers can be using dual NICs in

Active/Standby fashion.

Figure 9: MAC-Security with Active-Standby NICs; example 3

This means that the server MAC address will normally be seen on the ethernet port corresponding to the

Active NIC but can move to an alternative ethernet port corresponding to the Standby NIC.

In this example we will use Security Lists which will allow us to tie the authorized MAC addresses to a

Security List instead of an ethernet port. The security list will then include the two ethernet ports where

the server NICs are connected.

3.3.1 Using ACLI

3.3.1.1 Initial Switch configuration

Create the Security Lists (one for each server)

Avaya-ERS-Switch(config)# mac-security security-list 1 7-8

Avaya-ERS-Switch(config)# mac-security security-list 2 9-10



Note – Up to 32 Security Lists can be created.

Globally enable MAC Security

Avaya-ERS-Switch(config)# mac-security enable

Enable MAC Security on the access ports

Avaya-ERS-Switch(config)# interface FastEthernet 1-20

Avaya-ERS-Switch(config-if)# mac-security enable

Other manuals for Avaya ERS 3500