10-52
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
This example shows how to globally enable MAC move on a switch:
Switch(config)# authentication mac-move permit
Enabling MAC Replace
Note To enable MAC replace, the switch must be running the LAN base image.
MAC replace allows a host to replace an authenticated host on a port.
Beginning in privileged EXEC mode, follow these steps to enable MAC replace on an interface. This
procedure is optional.
This example shows how to enable MAC replace on an interface:
Switch(config)# interface gigabitethernet2/0/2
Switch(config-if)# authentication violation replace
Step 3
end Return to privileged EXEC mode.
Step 4
show running-config (Optional) Verify your entries.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the port to be configured, and enter interface configuration mode.
Step 3
authentication violation {protect |
replace | restrict | shutdown}
Use the replace keyword to enable MAC replace on the interface. The
port removes the current session and initiates authentication with the new
host.
The other keywords have these effects:
• protect: the port drops packets with unexpected MAC addresses
without generating a system message.
• restrict: violating packets are dropped by the CPU and a system
message is generated.
• shutdown: the port is error disabled when it receives an unexpected
MAC address.
Step 4
end Return to privileged EXEc mode.
Step 5
show running-config Verify your entries.
Step 6
copy running-config startup-config (Optional) Saves your entries in the configuration file.
To Next Page
Loading...
