41-13
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 41 Configuring MAC Authentication Bypass
Configuring MAC Authentication Bypass with ACL Assignments
Shutdown Timeout = 60
Violation mode = Shutdown
Console> (enable)
Configuring MAC Authentication Bypass with ACL Assignments
MAC authentication bypass(MAB)-enabled ports support ACL assignments similar to 802.1X-enabled
ports. For more information, see “Configuring 802.1X with ACL Assignments” section on page 40-26.
The ACLs must be predefined and committed on the switch. ACL mapping by MAB is a runtime
configuration and does not reflect in the NVRAM. The mapping is removed when the MAB static CAM
entry is removed or at reauth, if the RADIUS sends a different or no ACL to map.
Configuring MAC Authentication Bypass with QoS ACLs
MAC authentication bypass-enabled ports support ACLs sent by RADIUS and QoS policies-based
authentication similar to QoS policies on 802.1X-enabled ports. For more information, see “Configuring
802.1X with QoS ACLs” section on page 40-29.
When configuring MAB with QoS ACLs, follow these guidelines:
• The QoS ACLs must be predefined and committed on the switch.
• If more than one QoS ACL of the same attribute type (invacl, outvacl, or inpacl) is sent to the MAB
port, only the first ACL for an attribute type is configured.
• The minimum acceptable reauthentication timeout for MAB has been reduced to 30 from 300
seconds. The default is 30 seconds.
• Dynamically applied QoS ACLs cannot be removed using commands. They are automatically
removed when MAB initializes.
This example shows how to display the QoS ACLs information for a MAB-enabled port:
Console (enable)> show port mac-auth-bypass 3/13
Port Mac-Auth-Bypass State MAC Address Auth-State Vlan
----- --------------------- ----------------- ----------------- -----
3/13 Enabled 00-11-22-33-01-87 authenticated 391
Port Termination action Session Timeout Shutdown/Time-Left
----- ------------------ --------------- ------------------
3/13 initialize 3600 NO -
Port PolicyGroups
----- ----------------------------------------------------------------
3/13 -
Port Security ACL Sec ACL Type QoS ACL Type
----- -------------------------------- ----------------- ----------------
3/13 my_security_pacl Pacl Vacl
Port QoS Ingress Policy QoS Egress Policy
----- -------------------------------- ----------------------------------
3/13 my_qos_invacl my_qos_outvacl
Port Critical Critical-Status
----- -------- ---------------
3/13 Disabled -
To Next Page
Loading...
Need help?
General