Hi everyone, I work in a healthcare environment and we have an Avaya 5698 providing data connectivity to PCs in our patient rooms. Currently mac-security is enabled on the data ports in the patient rooms, and we want to wheel a teleconference cart into the patient rooms and allow the teleconference to patch into the same data port the computer is in. The end user would have to unpatch the PC and then patch in this teleconference cart.
In my test lab with the same 5698, I have tried setting it up so that all the access ports have mac-security enabled and then allowing a second device to connect to all the access ports. It appears that this will not be feasible, but please let me know if there is something else I can try...
First time around, I enabled the following in global config: mac-security, mac-security auto-learning sticky, intrusion-timer 0, and intrusion-detect enable.
Then in the interface configuration, I enabled the following: mac-security auto-learning enable, mac-security auto-learning max-address 2, and mac-security port X enable. I continued on with patching the computer into port 1, then patched the teleconference cart into port 1. After reviewing show mac-security mac-address, I saw that both devices were learned. I attempted to patch in a third device and the port shut down as expected. Great, that was what I was expecting to see. I continue on to configure port 2 the same exact way, with auto-learning enabled, a maximum of 2 MAC addresses, and mac-security enabled. I plug the third device into port 2. I review the show mac-security mac-address-table and I see that the switch has learned the new MAC address on port 2; all is well. I then try to patch the teleconference cart into port 2 and the port shuts down. Not good. I check the logs and it shows that intruder MAC h.h.h port 2 address is locked on port 1.
So then I try doing away with auto-learning and go the static route. From the interface configuration, I disabled mac-security on ports 1 and 2 and I disabled auto-learning on ports 1 and 2. I then went into the global configuration and started adding the MAC addresses statically. For the first computer, mac-security mac-address-table address h.h.h port 1. For the teleconference cart, mac-security mac-address-table address h.h.h port 1. For the second computer, mac-security mac-address-table address h.h.h port 2. And again for the teleconference cart, mac-security mac-address-table address h.h.h port 2. Except I get an error when I try to statically allow the teleconference cart on port 2:
%Cannot modify settings
%Cannot add the mac, duplicate address
%Cannot assign mac address h.h.h to port 2.
Not good...
So these are the two ways I have tried it thus far. Anyone out there have any more ideas on mac-security?