Chapter 9
| General Security Measures
Network Access (MAC Address Authentication)
ā 327 ā
ā When port status changes to down, all MAC addresses are cleared from the
secure MAC address table. Static VLAN assignments are not restored.
ā The RADIUS server may optionally return a VLAN identifier list. VLAN identifier
list is carried in the āTunnel-Private-Group-IDā attribute. The VLAN list can
contain multiple VLAN identifiers in the format ā1u,2t,ā where āuā indicates
untagged VLAN and ātā tagged VLAN. The āTunnel-Typeā attribute should be
set to āVLAN,ā and the āTunnel-Medium-Typeā attribute set to ā802.ā
Example
Console(config-if)#network-access mode mac-authentication
Console(config-if)#
network-access
port-mac-filter
Use this command to enable the specified MAC address filter. Use the no form of
this command to disable the specified MAC address filter.
Syntax
network-access port-mac-filter filter-id
no network-access port-mac-filter
filter-id - Specifies a MAC address filter table. (Range: 1-64)
Default Setting
None
Command Mode
Interface Configuration
Command Mode
ā Entries in the MAC address filter table can be configured with the network-
access mac-filter command.
ā Only one filter table can be assigned to a port.
Example
Console(config)#interface ethernet 1/1
Console(config-if)#network-access port-mac-filter 1
Console(config-if)#
To Next Page
Loading...
