Chapter 8
| General Security Measures
Network Access (MAC Address Authentication)
– 266 –
◆ When the dynamic VLAN assignment status is changed on a port, all
authenticated addresses are cleared from the secure MAC address table.
Example
The following example enables dynamic VLAN assignment on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#
network-access
guest-vlan
Use this command to assign all traffic on a port to a guest VLAN when 802.1x
authentication or MAC authentication is rejected. Use the no form of this command
to disable guest VLAN assignment.
Syntax
network-access guest-vlan vlan-id
no network-access guest-vlan
vlan-id - VLAN ID (Range: 1-4094)
Default Setting
Disabled
Command Mode
Interface Configuration
Command Usage
◆ The VLAN to be used as the guest VLAN must be defined and set as active (See
the vlan database command).
◆ When used with 802.1X authentication, the intrusion-action must be set for
“guest-vlan” to be effective (see the dot1x intrusion-action command).
◆ A port can only be assigned to the guest VLAN in case of failed authentication,
if switchport mode is set to Hybrid.
Example
Console(config)#interface ethernet 1/1
Console(config-if)#network-access guest-vlan 25
Console(config-if)#
To Next Page
Loading...
Need help?
General