Additional Features
Media Access Control (MAC) Security
076R200-000
SpectraComm IP T1 Router Card
5-7
Issue 13
Installation and Operation Manual
Media Access Control (MAC) Security
SCIP in LAN-X mode provides MAC Security by filtering MAC addresses filtering according to a
user-defined Media Access Control List (MACL). A MACL can be defined for each interface
(ethernet0, serial0, serial1) with up to 100 unique MAC addresses configured for each MACL.
When enabled, the MACL filters (discards) any unicast, multicast or broadcast packet received
which does not have its source MAC address defined in the MACL will be filtered.
Note
Spanning Tree is necessary in LANX mode to prevent loops. Therefore, Spanning Tree packets (BPDU) are
never filtered; they must be processed and/or forwarded at all times.
demonstrate examples of SCIP in LAN-X mode configured
for MAC Security. In each example, SCIP devices will detect “illegal” MAC addresses received at
the LAN or WAN interfaces and discard (filter) traffic so that it never enters the network. MAC
security is enforced for every access method: craft, Telnet, and HTTP. You must have ADMIN or
SUPERVISOR privileges to access SCIP’s MACL commands.
•
For help in setting MACL parameters, type:
configure macl ?
•
To show the status of the MACL, type:
show macl
[interface]
Figure 5-3
Help and Status Displays for MAC Security
___________Help for "configure macl "______________________
add Add MAC to media access control list; requires 2 parameter(s)
delete Delete MAC from media access control list; requires 2 parameter(s)
purge Remove all MACs in media access control list; requires 1 parameter(s)
enable Enable media access control list; requires 1 parameter(s)
disable Disable media access control list; requires 1 parameter(s)
learn Enable/disable auto-learn of MAC addresses
log Enable/disable logging for MACL violations
traps Enable/disable SNMP traps for MACL violations
MACL enabled for ethernet0. Violations: 90852 Number of MACs: 100
MACL logging enabled MACL traps enabled
MAC Address Pkts Received MAC Address Pkts Received
----------------- --------------- ----------------- ---------------
00-00-00-00-00-01 0 00-00-0C-18-9B-AC
00-50-04-1D-CC-62 12171 03-23-AA-00-00-01
05-36-AF-00-00-01 0 08-00-20-CF-8C-BA
09-39-D7-00-00-01 0 0F-73-0C-00-00-01
17-12-29-00-00-01 0 17-87-21-00-00-01
17-D6-D5-00-00-01 0 19-1D-D5-00-00-01
20-FB-C1-00-00-01 0 26-25-E7-00-00-01
26-73-82-00-00-01 0 26-96-10-00-00-01
28-B7-9E-00-00-01 0 29-BA-EE-00-00-01
2B-48-CD-00-00-01 0 2B-DC-74-00-00-01
34-52-BE-00-00-01 0 34-BF-A8-00-00-01
3D-27-8B-00-00-01 0 3E-D2-54-00-00-01
3E-EF-2A-00-00-01 0 3F-9B-1B-00-00-01
42-6F-71-00-00-01 0 44-4C-72-00-00-01
46-4F-8C-00-00-01 0 48-47-01-00-00-01
4C-7E-1A-00-00-01 0 50-A3-37-00-00-01
56-24-7A-00-00-01 0 58-BD-11-00-00-01
59-2A-34-00-00-01 0 5A-DA-8C-00-00-01
-- more -- (press “space” to continue; “CTRL-C” to quit)
Summary of Contents for SpectraComm IP T1
Page 119: ......
