Chapter 9 | General Security Measures
Network Access (MAC Address Authentication)
network-access guest-vlan
Use this command to assign all traffic on a port to a guest VLAN when 802.1x
authentication or MAC authentication is rejected. Use the no form of this command
to disable guest VLAN assignment.
Syntax
network-access guest-vlan vlan-id
no network-access guest-vlan
vlan-id - VLAN ID (Range: 1-4094)
Default Setting
Disabled
Command Mode
Interface Configuration
Command Usage
◆ The VLAN to be used as the guest VLAN must be defined and set as active (See
the vlan database command).
◆ When used with 802.1X authentication, the intrusion-action must be set for
“guest-vlan” to be effective (see the dot1x intrusion-action command).
◆ A port can only be assigned to the guest VLAN in case of failed authentication,
if switchport mode is set to Hybrid.
Example
Console(config)#interface ethernet 1/1
Console(config-if)#network-access guest-vlan 25
Console(config-if)#
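As an added example (not from the switch documentation), the following Python script audits a saved configuration for the three guest-VLAN preconditions listed under Command Usage. The configuration text is constructed; its layout, and treating any dot1x line on a port as the sign that 802.1X is in use there, are assumptions.

```python
import re

# Constructed sample configuration; the layout (indented lines under
# "interface ..." and "vlan database") is an assumption, not device output.
SAMPLE_CONFIG = """\
vlan database
 vlan 25 name guest media ethernet state active
 vlan 30 name quarantine media ethernet state suspend
!
interface ethernet 1/1
 switchport mode hybrid
 dot1x port-control auto
 dot1x intrusion-action guest-vlan
 network-access guest-vlan 25
!
interface ethernet 1/2
 switchport mode access
 dot1x port-control auto
 network-access guest-vlan 30
!
interface ethernet 1/3
 switchport mode hybrid
 network-access guest-vlan 99
"""

def audit_guest_vlan(config):
    """Return {interface: [problems]} for ports with a guest VLAN set."""
    active = set(re.findall(r"^\s*vlan (\d+)\b.*\bstate active\b", config, re.M))
    findings = {}
    # Split into interface stanzas: header line plus following indented lines.
    for name, body in re.findall(r"^interface (\S+ \S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        guest = [l.split()[-1] for l in lines if l.startswith("network-access guest-vlan ")]
        if not guest:
            continue
        problems = []
        if guest[0] not in active:
            problems.append(f"guest VLAN {guest[0]} is not defined and active")
        if "switchport mode hybrid" not in lines:
            problems.append("switchport mode is not hybrid")
        uses_dot1x = any(l.startswith("dot1x ") for l in lines)  # assumption
        if uses_dot1x and "dot1x intrusion-action guest-vlan" not in lines:
            problems.append("dot1x intrusion-action is not guest-vlan")
        findings[name] = problems
    return findings

if __name__ == "__main__":
    for port, problems in audit_guest_vlan(SAMPLE_CONFIG).items():
        print(port, "OK" if not problems else "; ".join(problems))
```

A port reported with problems would not move rejected clients into the guest VLAN as intended, so each finding should be resolved before relying on guest VLAN assignment.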
network-access max-mac-count
Use this command to set the maximum number of MAC addresses that can be
authenticated on a port interface via all forms of authentication. Use the no form of
this command to restore the default.
Syntax
network-access max-mac-count count
no network-access max-mac-count
count - The maximum number of authenticated IEEE 802.1X and MAC
addresses allowed. (Range: 0-1024; 0 for unlimited)
Default Setting
1024