Cisco WS-C6506

1488 pages
41-13
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 41 Configuring MAC Authentication Bypass
Configuring MAC Authentication Bypass with ACL Assignments
Shutdown Timeout = 60
Violation mode = Shutdown
Console> (enable)
Configuring MAC Authentication Bypass with ACL Assignments
MAC authentication bypass (MAB)-enabled ports support ACL assignments similar to 802.1X-enabled
ports. For more information, see the “Configuring 802.1X with ACL Assignments” section on page 40-26.
The ACLs must be predefined and committed on the switch. ACL mapping by MAB is a runtime
configuration and is not reflected in NVRAM. The mapping is removed when the MAB static CAM
entry is removed, or at reauthentication if the RADIUS server sends a different ACL or no ACL to map.
Configuring MAC Authentication Bypass with QoS ACLs
MAC authentication bypass-enabled ports support ACLs sent by RADIUS and QoS policy-based
authentication, similar to QoS policies on 802.1X-enabled ports. For more information, see the
“Configuring 802.1X with QoS ACLs” section on page 40-29.
When configuring MAB with QoS ACLs, follow these guidelines:
• The QoS ACLs must be predefined and committed on the switch.
• If more than one QoS ACL of the same attribute type (invacl, outvacl, or inpacl) is sent to the MAB
  port, only the first ACL for an attribute type is configured.
• The minimum acceptable reauthentication timeout for MAB has been reduced from 300 seconds to
  30 seconds. The default is 30 seconds.
• Dynamically applied QoS ACLs cannot be removed using commands. They are automatically
  removed when MAB initializes.
This example shows how to display the QoS ACL information for a MAB-enabled port:
Console (enable)> show port mac-auth-bypass 3/13
Port  Mac-Auth-Bypass State MAC Address       Auth-State        Vlan
----- --------------------- ----------------- ----------------- -----
3/13  Enabled               00-11-22-33-01-87 authenticated     391
Port  Termination action Session Timeout Shutdown/Time-Left
----- ------------------ --------------- ------------------
3/13  initialize         3600            NO -
Port  PolicyGroups
----- ----------------------------------------------------------------
3/13  -
Port  Security ACL                     Sec ACL Type      QoS ACL Type
----- -------------------------------- ----------------- ----------------
3/13  my_security_pacl                 Pacl              Vacl
Port  QoS Ingress Policy               QoS Egress Policy
----- -------------------------------- ----------------------------------
3/13  my_qos_invacl                    my_qos_outvacl
Port  Critical Critical-Status
----- -------- ---------------
3/13  Disabled -
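
Because the ACL mapping applied by MAB exists only at runtime and is not in NVRAM, the port's live state is what has to be checked. The Python sketch below is an added example, not part of the Cisco guide: it parses the blocks of show port mac-auth-bypass output and compares each authenticated port's security ACL with a baseline. The sample text is constructed from the values shown above and assumes the real output is column-aligned under the dash rulers; parse_blocks, audit and the baseline mapping are hypothetical names.

```python
import re

# Constructed sample: the page's values for port 3/13, aligned under the dash
# rulers (alignment of the real CLI output is an assumption of this example).
SAMPLE = """\
Port  Mac-Auth-Bypass State MAC Address       Auth-State        Vlan
----- --------------------- ----------------- ----------------- -----
3/13  Enabled               00-11-22-33-01-87 authenticated     391
Port  Security ACL                     Sec ACL Type      QoS ACL Type
----- -------------------------------- ----------------- ----------------
3/13  my_security_pacl                 Pacl              Vacl
Port  QoS Ingress Policy               QoS Egress Policy
----- -------------------------------- ----------------------------------
3/13  my_qos_invacl                    my_qos_outvacl
"""

RULER = re.compile(r"^-+( +-+)+\s*$")

def parse_blocks(text):
    """Merge every header/ruler/row block into one dict of fields per port."""
    ports, lines = {}, text.splitlines()
    for i, line in enumerate(lines):
        if i == 0 or not RULER.match(line):
            continue
        # Each run of dashes marks one fixed-width column; headers such as
        # "MAC Address" contain spaces, so splitting on whitespace would fail.
        spans = [m.span() for m in re.finditer(r"-+", line)]
        spans[-1] = (spans[-1][0], None)  # last column runs to end of line
        names = [lines[i - 1][a:b].strip() for a, b in spans]
        for row in lines[i + 1:]:
            if not re.match(r"^\d+/\d+", row):
                break  # next header or end of block
            cells = [row[a:b].strip() for a, b in spans]
            ports.setdefault(cells[0], {}).update(zip(names[1:], cells[1:]))
    return ports

def audit(ports, expected):
    """Return (port, expected_acl, runtime_acl) for each authenticated port
    whose runtime security ACL differs from the baseline mapping."""
    findings = []
    for port, want in sorted(expected.items()):
        fields = ports.get(port, {})
        if fields.get("Auth-State") != "authenticated":
            continue  # no MAB session, so no RADIUS-mapped ACL to compare
        have = fields.get("Security ACL", "-")
        if have != want:
            findings.append((port, want, have))
    return findings
```

A finding where the runtime ACL is "-" corresponds to the case described above in which the mapping was removed because RADIUS sent no ACL at reauthentication.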
