MAC Security Implementation in P330 | Avaya P3343T-ML specs

MAC Security

Chapter 11 Avaya P330 Layer 2 Features

MAC Security

The MAC security function is intended to filter incoming frames (from the line) with an unauthorized source MAC address (SA).

MAC Security Implementation in P330

When a frame is received on a secured port, its source MAC address is checked against the secured MAC Address Table. If either the source MAC address is not found there, or it is found but with a different ingress port location, then the frame is rejected. Tagged traffic from a secured MAC address on the ingress port on which it was learned is accepted by the switch if the VLAN binding mode of the traffic is the same as the VLAN binding mode of the ingress port.

The P330 can be configured to take one of the following actions when an attempted intrusion occurs:

•Drop – Drops the packets for 5 seconds.

•Drop and notify – Drops the packets for 5 seconds and sends a notification to the management station.

•Disable and notify – Permanently disables the packets and sends a notification to the management station.

When the P330 is configured to send traps to report attempted intrusion, to prevent the flooding of the Console's trap log / network, the Agent sends an intruder alert every 5 seconds for the first 3 times a specific intruder is detected on a port, and then every 15 minutes if the intrusion continues.

User should first enable the MAC security global mode (set security mode) and then configure the ports which should be secured (set port security). When setting a port to secured, the MAC addresses that a currently learnt on this port are preserved and considered as secure MAC, unless they are removed using clear secure mac command. Individual secure MACs can also be added.

A MAC address can be added to more than one port on the device. This allows a specific device to communicate with the switch via more than one ingress port. However the number of secured MAC addresses on any module cannot exceed 1,024.

Ports that are members of a port redundancy scheme should not be also configured as secure ports.

Avaya P334T-ML User’s Guide

97

Image 113

Avaya P3343T-ML manual MAC Security Implementation in P330

Contents

SOFTWARE VERSION STACKABLE SWITCHInstallation and Configuration Guide AVAYA P334T-ML Document no avaya.com Overview ContentsSection Installation Configuring the Terminal Serial Port Parameters Configuration Ingress VLAN Security Port Mirroring Constraints Troubleshooting and Maintenance Chapter 15 Updating the Software Safety Information Before you Install the P330-MLPreface FCC Notice Notes, Cautions, and Warnings Warranty Avaya Support Avaya P334T-ML User’s Guide SECTION 1 OVERVIEW Page Avaya P334T-ML Overview Avaya P334T-ML FeaturesChapter Introduction Command Line Interface CLI Layer 3 Features P330-MLNetwork Management and Monitoring Device Manager Embedded Web SMON Avaya Integrated ManagerPort Mirroring Fans, Power Supply, and BUPS-ML Monitoring Avaya P330 Standards Supported Standards and CompatibilityIEEE IETF - Layer IETF - Network Monitoring P334T-ML Switch SpecificationsPower Requirements Physical Safety - AC Version SafetySafety - DC Version EMC Emissions Basic MTBF Stacking Sub-moduleInterfaces Approved SFF/SFP GBIC Transceivers Safety Information Specifications InstallationTo Install the SFF/SFP GBIC transceiver To Remove the SFF/SFP GBIC transceiver Agency Approval Gigabit Fiber Optic Cabling Console Pin Assignments Avaya P334T-ML User’s Guide SECTION 2 INSTALLATION Page Site Preparation InstallationRequired Tools Power Requirements - DC Table 4.2 Power Requirements - AC Rack Mounting Optional To connect stacked switches Installing the X330STK-ML Stacking Sub-Module OptionalConnecting Stacked Switches 5 Power up the added modules X330LC X330RCX330SC Prerequisites Connecting Cables to Network EquipmentMaking Connections to Network Equipment Page Powering On - Avaya P330 Switch DC Powering Up the Avaya P330Powering On - Avaya P330 Module AC Post-Installation Avaya P334T-ML Front Panel Avaya P334T-ML Front and Rear Panels LED Name P334T-ML LEDs Chapter 6 Avaya P334T-ML Front and Rear Panels Avaya P334T-ML LED Descriptions Continued BUPS-ML connector cover plate removed Avaya P334T-ML Back PanelTable 6.2 Avaya P334T-ML - - Select buttons Figure 6.4 P334T-ML AC version Back Panel with Stacking Sub-module Figure 6.6 BUPS-ML Input Connector Sticker BUPS-ML Input Connector Configuring the Terminal Serial Port Parameters Establishing Switch AccessConnecting a Terminal to the Avaya P330 Serial port Establishing a Serial Connection Assigning P330’s IP Stack Address P330 Sessionssession router The mode can be either switch, router, wan, atm, mgp Establishing an SSH Connection Establishing a Telnet Connection set interface ppp enable Connecting a Modem to the Console PortEstablishing a Modem PPP Connection with the P330 Overview Entering the Supervisor Level Security Levels Entering the CLI Introduction to SNMP User AuthenticationSNMP Support control the P330 Users Groups Views SNMP Commands In order to In order to Introduction to SSH SSH Protocol Support Figure 8.1 SSH Session Establishment Process SSH Commands SCP Protocol Support Introduction to RADIUS RADIUS User name and password authenticated? No Authentication Reject User attempts login Local User account authenticated in switch? Nosent to switch Authentication request sent to RADIUS Server Radius Commands Introduction to Telnet Telnet CommandsTelnet Client Support Introduction Recovery PasswordRecovery Password Commands Allowed Managers Introduction Allowed Managers CLI CommandsAllowed Managers Allowed Protocols Introduction Allowed Protocols CLI CommandsAllowed Protocols no ip telnet-client ip telnet-client enable SECTION 3 CONFIGURATION Page Avaya P330 Default Settings P330 Default SettingsConfiguring the Switch Function Ports 51 1 Ensure that the other side is also set to Autonegotiation EnabledPorts Avaya P334T-ML User’s Guide Basic Switch Configuration Switch Configuration Operating parameters System Parameter ConfigurationIdentifying the system Network Time Acquiring Protocols Parameter Configuration Uploading and Downloading Device Configurations and Images Layer 2 Configuration File In order to Layer 3 Configuration File In order to System Logging Introduction System Logging Applications Sinks Syslog Servers Syslog Configuration CLI Commands In order to Monitoring CPU Utilization Avaya P334T-ML User’s Guide Overview Avaya P330 Layer 2 Features Ethernet Configuring Ethernet ParametersFast Ethernet Gigabit Ethernet Gigabit Ethernet ports MMMMMMSSSSSS MM-MM-MM-SS-SS-SS Ethernet Configuration CLI Commands Speed - 10/100 ports 1-48 1G ports 51 Ethernet Implementation in the Avaya P334T-MLPriority queuing - 10/100 ports 4 queues 1G ports 2 queues CAM size - 8K addresses VLAN Overview VLAN Configuration Multi VLAN Binding VLAN Tagging Figure 11.3 illustrates these binding modes in P330 Ingress VLAN Security VLAN CLI CommandsAutomatic VLAN Learning VLAN Implementation in the Avaya P334T-ML PBNAC Implementation in the P330 Family Port Based Network Access Control PBNACHow “Port Based” Authentication Works Configuring the P330 for PBNAC PBNAC CLI Commands In order to Spanning Tree per Port Spanning Tree ProtocolSpanning Tree Protocol Rapid Spanning Tree Protocol RSTP Spanning Tree Implementation in the P330 Family Spanning Tree Protocol CLI Commands set port point-to-point admin Set the port point-to-point adminadmin and operational RSTP status status MAC Security Implementation in P330 MAC Security MAC Security CLI Commands MAC Aging Configuring the P330 for MAC AgingMAC Aging CLI Commands LAG Overview LAG CLI Commands LAG Implementation in the Avaya P330 Family of Products Port Redundancy Operation Port Redundancy Intermodule Port Redundancy Port Redundancy CLI Commands redundancy entry defined for the display the intermoduleshow intermodule port redundancy IP Multicast Filtering IP Multicast Implementation in the Avaya P334T-ML IP Multicast CLI Commands RMON Overview RMON CLI CommandsRMON In order to SMON Overview SMON Port Mirroring CLI commands Port Mirroring ConfigurationPort Mirroring Overview Port Mirroring Constraints About Multilayer Policy Multilayer Policy Multilayer Policy Implementation in the P334T-ML Configuring the P334T-ML for Multilayer Policy Multilayer Policy CLI Commands In order to Weighted Queuing CLI Commands Weighted QueuingImplementation of Weighted Queuing in the P330-ML Port Classification Port Classification CLI Commands Implementation of Stack Health in the P330 Family Stack RedundancyStack Health Initiate the stack health testing Stack Health CLI Commandsprocedure set stack health Avaya P334T-ML User’s Guide What is Routing? Avaya P330 Layer 3 Features Figure 12.1 Routing Multinetting Multiple Subnets per VLAN Routing ConfigurationForwarding IP Configuration CLI Commands IP Configuration set vlan Vlan-id name Vlan-name replacing Vlan-id by the Assigning Initial Router Parameters The Routerconfigure-ifinterface-name# prompt appears Routerconfigure# interface interface-nameRouterconfigure-ifinterface-name# ip address ip- address netmask Routerconfigure# interface interface-name# ip vlan vland-id To obtain a License Key that enables routing features Obtaining a Routing License Key1 Go to http//license-lsg.avaya.com and click “request new license” 2 Enter the Certificate Key and Certificate Type 3 Click Next 6 View number of licenses left 4 Enter contact information once per certificate 5 Click Next Activating a Routing License Key set license module license featureNameLicense Key CLI Commands Avaya P334T-ML User’s Guide RIP Overview RIP Routing Interchange Protocol Configuration Table 12.1 DIfferences Between RIP and RIP2 RIP CLI CommandsRIP2 In order to OSPF Overview OSPF Open Shortest Path First Configuration OSPF CLI Commands Static Routing Overview Static Routing ConfigurationStatic Routing Configuration CLI Commands Route Preferences Route Redistribution Route Redistribution Commands ARP Overview ARP Address Resolution Protocol Table Configuration The ARP Table ARP CLI Commands BOOTP/DHCP Overview BOOTP/DHCP Dynamic Host Configuration Protocol Relay Configuration BOOTP/DHCP CLI Commands NetBIOS Re-broadcast Configuration CLI Commands NetBIOS Re-broadcast ConfigurationNetBIOS Overview VRRP Overview VRRP Virtual Router Redundancy Protocol Configuration VRRP Configuration Example Case #2 VRRP CLI Commands In order to SRRP Overview SRRP ConfigurationSRRP Configuration Example SRRP CLI Commands Policy Configuration CLI Commands Policy ConfigurationPolicy Configuration Overview In order to Figure 12.4 Avaya P330 Policy Policy Configuration Example P330-1super# ip access-list 100 3 deny tcp host 192.168.5.33 any eq P330-1super# ip access-list 100 1 fwd6 tcp 149.49.0.0 0.0.255.255 anyP330-1super# ip access-list 100 2 fwd3 tcp any host IP Fragmentation/Reassembly CLI Commands IP Fragmentation and ReassemblyIP Fragmentation and Reassembly Overview SECTION 4 TROUBLESHOOTING AND MAINTENANCE Page Troubleshooting the Installation Troubleshooting the Installation Chapter 13 Troubleshooting the Installation Replacing the Stacking Sub-module Maintenance Maintenance Software Download Updating the SoftwareObtain Software Online Downloading Software Download New Version without Overwriting Existing Version