934 BigIron RX Series Configuration Guide
53-1002253-01
Configuring multi-device port authentication
31
The port-configured-vlan keyword removes the port from its RADIUS-assigned VLAN and places it
back in the VLAN where it was originally assigned. This is the default.
The port-restrict-vlan keyword removes the port from its RADIUS-assigned VLAN and places it in the
restricted VLAN.
The system-default-vlan keyword removes the port from its RADIUS-assigned VLAN and places it in
the DEFAULT-VLAN.
Saving dynamic VLAN assignments to the running
configuration file
You can configure the device to save the RADIUS-specified VLAN assignments to the device's
running configuration file. To do this, enter the following command.
BigIron RX(config)# mac-authentication save-dynamicvlan-to-config
Syntax: [no] mac-authentication save-dynamicvlan-to-config
By default, the dynamic VLAN assignments are not saved to the running configuration file. Entering
the show running-config command does not display dynamic VLAN assignments, although they can
be displayed with the show vlan and show auth-mac-address detail commands.
Clearing authenticated MAC addresses
The device maintains an internal table of the authenticated MAC addresses (viewable with the
show authenticated-mac-address command). You can clear the contents of the authenticated MAC
address table either entirely, or just for the entries learned on a specified interface. In addition, you
can clear the MAC session for an address learned on a specific interface.
To clear the entire contents of the authenticated MAC address table, enter the following command.
BigIron RX(config)# clear auth-mac-table
Syntax: clear auth-mac-table
To clear the authenticated MAC address table of entries learned on a specified interface, enter a
command such as the following.
BigIron RX(config)# clear auth-mac-table e 3/1
Syntax: clear auth-mac-table <slot>/<portnum>
To clear the MAC session for an address learned on a specific interface, enter commands such as
the following.
BigIron RX(config)# interface e 3/1
BigIron RX(config-if-e100-3/1)# mac-authentication clear-mac-session
00e0.1234.abd4
Syntax: mac-authentication clear-mac-session <mac-address>
This command removes the Layer 2 CAM entry created for the specified MAC address. If the device
receives traffic from the MAC address again, the MAC address is authenticated again.
To Next Page
Loading...
Need help?
General