Chapter 8
| General Security Measures
Network Access (MAC Address Authentication)
– 223 –
network-access aging Use this command to enable aging for authenticated MAC addresses stored in the
secure MAC address table. Use the no form of this command to disable address
aging.
Syntax
[no] network-access aging
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
◆ Authenticated MAC addresses are stored as dynamic entries in the switch’s
secure MAC address table and are removed when the aging time expires. The
address aging time is determined by the mac-address-table aging-time
command.
◆ This parameter applies to authenticated MAC addresses configured by the MAC
Address Authentication process described in this section, as well as to any
secure MAC addresses authenticated by 802.1X, regardless of the 802.1X
Operation Mode (Single-Host, Multi-Host, or MAC-Based authentication as
described on page 204).
◆ The maximum number of secure MAC addresses supported for the switch
system is 1024.
Example
Console(config-if)#network-access aging
Console(config-if)#
mac-authentication
intrusion-action
Determines the port response when a connected host
fails MAC authentication.
IC
mac-authentication
max-mac-count
Sets the maximum number of MAC addresses that can be
authenticated on a port via MAC authentication
IC
clear network-access Clears authenticated MAC addresses from the address
table
PE
show network-access Displays the MAC authentication settings for port
interfaces
PE
show network-access
mac-address-table
Displays information for entries in the secure MAC
address table
PE
show network-access mac-filter Displays information for entries in the MAC filter tables PE
Table 47: Network Access Commands (Continued)
Command Function Mode
To Next Page
Loading...
