EasyManuals Logo

Cisco Catalyst 4500 Series Administration Guide

Cisco Catalyst 4500 Series
1814 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1196 background imageLoading...
Page #1196 background image
46-58
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
This example shows how to globally enable MAC replace on a switch:
Switch# configure terminal
Switch(config)# interface f7/1
Switch(config-if)# authentication violation replace
The following syslog messages displays when MAC-replace occurs:
%AUTHMGR-5-SECUREMACREPLACE: <mac-addr> replaced <mac-addr> on <interface-name>
Configuring Violation Action
You can configure 802.1X security violation behavior as either shutdown, restrict, or replace mode,
based on the response to the violation.
To configure the violation action, performing the following task:
This example shows how to configure the violation mode shutdown on a switch:
Switch# configure terminal
Switch(config)# authentication violation shutdown
A port is error-disabled when a security violation triggers on shutdown mode. The following syslog
messages displays:
%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface <interface name>, new
MAC address <mac-address> is seen.
Step 3
Switch(config-if)# authentication
violation [restrict | shutdown |
replace]
Tears down the old session and authenticates the new host, when a new
host is seen in single or multiple- domain modes.
Step 4
Switch(config-if)# end
Returns to privileged EXEC mode.
Step 5
Switch# show run
Verifies your entries.
Step 6
Switch # copy running-config
startup-config
(Optional) Saves your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface
interface-id
Enters interface configuration mode.
Step 3
Switch(config-if)# authentication
violation [restrict |
shutdown | replace]
(Optional) Configures the disposition of the port if a security violation
occurs.
The default action is to shut down the port. If the restrict keyword is
configured, the port does not shut down.
When a new host is seen in single or multiple- domain modes, replace
mode tears down the old session and authenticates the new host.
Step 4
Switch(config-if)# end
Returns to privileged EXEC mode.
Step 5
Switch# show run
Verifies your entries.
Step 6
Switch # copy running-config
startup-config
(Optional) Saves your entries in the configuration file.

Table of Contents

Other manuals for Cisco Catalyst 4500 Series

Preview: Manual
Manual19 pages
Preview: Command Reference Guide
Command Reference Guide1230 pages
Preview: System Message Guide
System Message Guide150 pages
Preview: Configuration Guide
Configuration Guide1610 pages
Preview: Software Configuration Guide
Software Configuration Guide2086 pages
Preview: Message Guide
Message Guide146 pages
Preview: Installation Guide
Installation Guide194 pages
Preview: Datasheet
Datasheet11 pages
Preview: Overview
Overview46 pages
Preview: Quick Reference Guide
Quick Reference Guide59 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General IconGeneral
SeriesCatalyst 4500 Series
CategorySwitch
Layer SupportLayer 2, Layer 3
Form FactorModular chassis
StackableNo
Chassis Slots3, 6, 7, 10
Power Supply OptionsAC, DC
RedundancyPower supply, Supervisor engine
Network ManagementCisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
FeaturesSecurity, QoS
Port DensityUp to 384 ports per chassis
Security Features802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine8-E

Related product manuals