Chapter 8
| General Security Measures
Network Access (MAC Address Authentication)
– 227 –
◆ When the dynamic VLAN assignment status is changed on a port, all
authenticated addresses are cleared from the secure MAC address table.
Example
The following example enables dynamic VLAN assignment on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#
network-access
guest-vlan
Use this command to assign all traffic on a port to a guest VLAN when 802.1x
authentication is rejected. Use the no form of this command to disable guest VLAN
assignment.
Syntax
network-access guest-vlan vlan-id
no network-access guest-vlan
vlan-id - VLAN ID (Range: 1-4093)
Default Setting
Disabled
Command Mode
Interface Configuration
Command Usage
◆ The VLAN to be used as the guest VLAN must be defined and set as active (See
the vlan database command).
◆ When used with 802.1X authentication, the intrusion-action must be set for
“guest-vlan” to be effective (see the dot1x intrusion-action command).
Example
Console(config)#interface ethernet 1/1
Console(config-if)#network-access guest-vlan 25
Console(config-if)#
To Next Page
Loading...
