auth-default-vlan (the authentication default VLAN), VLAN 2 in the following example. Interface level
configuration for dot1x authentication and MAC authentication conform to any new CLI changes that are
part of the upgrade.
For example, before upgrade, with dot1x authentication enabled on port 2/1/24 and MAC authentication
enabled on 2/1/23 globally and at the interface level, the configured ports are part of the default VLAN.
After upgrade, since port 2/1/23 and 2/1/24 are part of the default VLAN, they become part of the auth-
default-vlan, VLAN 2 in this example.
vlan 1 name DEFAULT-VLAN by port >> 2/1/24 and 2/1/23 ports are part of default vlan
!
vlan 3 by port
tagged ethe 1/1/5
!
vlan 100 by port
tagged ethe 1/1/9
untagged ethe 1/1/18
!
vlan 200 by port
untagged ethe 1/1/15
!
vlan 201 by port
!
dot1x-enable >> global configuration
enable ethe 2/1/24
!
mac-authentication enable >> global configuration
mac-authentication auth-passwd-format xxxx.xxxx.xxxx
!
interface ethernet 2/1/24 >> interface level
dot1x port-control auto
!
interface ethernet 2/1/23 >> interface level
mac-authentication enable
mac-authentication enable-dynamic-vlan
mac-authentication max-accepted-session 32
The following example shows the configuration after the upgrade.
vlan 1 name DEFAULT-VLAN by port
!
vlan 2 by port
!
vlan 3 by port
tagged ethe 1/1/5
!
vlan 100 by port
tagged ethe 1/1/9
untagged ethe 1/1/18
!
vlan 200 by port
untagged ethe 1/1/15
!
vlan 201 by port
!
authentication >>> both dot1x and mac-auth global commands appears under
authentication command
auth-default-vlan 2
dot1x enable
dot1x enable ethe 2/1/24
mac-authentication enable
mac-authentication enable ethe 2/1/23
mac-authentication password-format xxxx.xxxx.xxxx
!
interface ethernet 2/1/23
authentication max-sessions 32
!
interface ethernet 2/1/24
dot1x port-control auto
Upgrade and Downgrade Considerations
FastIron Ethernet Switch Software Upgrade Guide 17
53-1003632-02
To Next Page
Loading...
Need help?
General
