Beginning in privileged EXEC mode, follow these steps to enable MAC replace on an interface. This procedure
is optional.
SUMMARY STEPS
1.
configure terminal
2.
interface interface-id
3.
authentication violation {protect | replace | restrict | shutdown}
4.
end
5.
show running-config
6.
copy running-config startup-config
DETAILED STEPS
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:
Switch# configure terminal
Step 1
Specifies the port to be configured, and enter interface
configuration mode.
interface interface-id
Example:
Switch(config)# interface
Step 2
gigabitethernet2/0/2
Use the replace keyword to enable MAC replace on the interface.
The port removes the current session and initiates authentication
with the new host.
authentication violation {protect | replace |
restrict | shutdown}
Example:
Switch(config-if)# authentication violation
Step 3
The other keywords have these effects:
•
protect: the port drops packets with unexpected MAC
addresses without generating a system message.
replace
•
restrict: violating packets are dropped by the CPU and a
system message is generated.
•
shutdown: the port is error disabled when it receives an
unexpected MAC address.
Returns to privileged EXEC mode.end
Example:
Switch(config-if)# end
Step 4
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
320 OL-29048-01
Configuring IEEE 802.1x Port-Based Authentication
Enabling MAC Replace
To Next Page
Loading...
Need help?
General