ContentsPrint

Configuring general switch security using EDM

Use the following procedure to configure and manage general security parameters for the switch.

Procedure steps

  1. From the navigation tree, double-click Security.

  2. In the Security tree, double-click MAC Security.

  3. In the Mac Security tab, configure the general switch security parameters as required.

  4. In the toolbar, click Apply.

Variable definitions

Use the data in the following table to configure general switch security.

Variable Value
AuthSecurityLock
If this parameter is listed as locked, the agent refuses all requests to modify the security configuration. Entries also include:

  • other

  • notlocked
AuthCtlPartTime Indicates the duration of time for port partitioning in seconds. Value ranges between 0 and 65535 seconds. Default is 1. When the value is zero, port remains partitioned until it is manually re-enabled.
SecurityStatus Indicates whether or not the switch security feature is enabled.
SecurityMode
Specifies mode of switch security. Entries include:

  • macList—Indicates that the switch is in the MAC-list mode. It is possible to configure more than one MAC address for each port.

  • autoLearn—Indicates that the switch learns the MAC addresses on each port as allowed addresses of that port.

Default is macList.
SecurityAction Actions performed by the software when a violation occurs (when SecurityStatus is enabled). The security action specified here applies to all ports of the switch.

A blocked address causes the port to be partitioned when unauthorized access is attempted. Selections include:

  • noAction—Port does not have security assigned to it, or the security feature is turned off.

  • trap—Listed trap.

  • partitionPort—Port is partitioned.

  • partitionPortAndsendTrap—Port is partitioned and traps are sent to the trap receive station.

  • daFiltering—Port filters out the frames where the destination address field is the MAC address of unauthorized Station.

  • daFilteringAndsendTrap—Port filters out the frames where the destination address field is the MAC address of unauthorized station. Traps are sent to trap receive stations.

  • partitionPortAnddaFiltering—Port is partitioned and filters out the frames with the destination address field is the MAC address of unauthorized station.

  • partitionPortdaFilteringAndsendTrap—Port is partitioned and filters out the frames with the destination address field is the MAC address of unauthorized station. Traps are sent to trap receive stations.

da means destination addresses.
CurrNodesAllowed Specifies the current number of entries of the nodes allowed in the AuthConfig tab.
MaxNodesAllowed Specifies the maximum number of entries of the nodes allowed in the AuthConfig tab.
PortSecurityStatus Specifies the set of ports for which security is enabled.
PortLearnStatus Specifies the set of ports where auto-learning is enabled.
CurrSecurityLists Specifies the current number of entries of the Security listed in the SecurityList tab
MaxSecurityLists Specifies the maximum entries of the Security listed in the SecurityList tab.
AutoLearningAgingTime Specifies the MAC address age-out time, in minutes, for the auto-learned MAC addresses. A value of zero (0) indicates that the address never ages out.
AutoLearningSticky
Controls whether the sticky MAC feature is enabled.
importantImportant

You must disable autolearning before you enable AutoLearningSticky.
SecurityLockoutPortList Controls the list of ports that are locked so they are excluded from MAC-based security.
importantImportant

You must disable autolearning before you change the SecurityLockoutPortList.
Comments on this document?
October 2015
© 2012-2015, Avaya, Inc. All Rights Reserved.