Chapter 9
| General Security Measures
Network Access (MAC Address Authentication)
– 295 –
◆ When port status changes to down, all MAC addresses are cleared from the
secure MAC address table. Static VLAN assignments are not restored.
◆ The RADIUS server may optionally return a VLAN identifier list. VLAN identifier
list is carried in the “Tunnel-Private-Group-ID” attribute. The VLAN list can
contain multiple VLAN identifiers in the format “1u,2t,” where “u” indicates
untagged VLAN and “t” tagged VLAN. The “Tunnel-Type” attribute should be
set to “VLAN,” and the “Tunnel-Medium-Type” attribute set to “802.”
Example
Console(config-if)#network-access mode mac-authentication
Console(config-if)#
network-access port-
mac-filter
Use this command to enable the specified MAC address filter. Use the no form of
this command to disable the specified MAC address filter.
Syntax
network-access port-mac-filter filter-id
no network-access port-mac-filter
filter-id - Specifies a MAC address filter table. (Range: 1-64)
Default Setting
None
Command Mode
Interface Configuration
Command Mode
◆ Entries in the MAC address filter table can be configured with the network-
access mac-filter command.
◆ Only one filter table can be assigned to a port.
Example
Console(config)#interface ethernet 1/1
Console(config-if)#network-access port-mac-filter 1
Console(config-if)#
To Next Page
Loading...
Need help?
General