
Filters and ip acls – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


In this example, the 802.1X-enabled port has been moved from VLAN 1 to VLAN 2. When the client
disconnects, the port will be moved back to VLAN 1.

The show run command also indicates the VLAN to which the port has been dynamically assigned.
The output can differ depending on whether GARP VLAN Registration Protocol (GVRP) is enabled on
the device:

Without GVRP - When you enter the show run command, the output indicates that the port is a
member of the VLAN to which it was dynamically assigned through 802.1X. If you then enter the
write memory command, the VLAN to which the port is currently assigned becomes the port default
VLAN in the device configuration.

With GVRP - When you enter the show run command, if the VLAN name supplied by the RADIUS
server corresponds to a VLAN learned through GVRP, then the output indicates that the port is a
member of the VLAN to which it was originally assigned (not the VLAN to which it was dynamically
assigned).

If the VLAN name supplied by the RADIUS server corresponds to a statically configured VLAN, the
output indicates that the port is a member of the VLAN to which it was dynamically assigned through
802.1X. If you then enter the write memory command, the VLAN to which the port is currently assigned
becomes the port default VLAN in the device configuration.

Displaying information about dynamically applied MAC address filters and IP ACLs

You can display information about currently active user-defined and dynamically applied MAC address
filters and IP ACLs.

Displaying user-defined MAC address filters and IP ACLs

To display the user-defined MAC address filters active on the device, enter the following command.

device#show dot1x mac-address-filter
Port 1/3 (User defined MAC Address Filter) :
  mac filter 1 permit any any

Syntax: show dot1x mac-address-filter

To display the user-defined IP ACLs active on the device, enter the show dot1x ip-ACL command.

device#show dot1x ip-ACL
Port 1/3 (User defined IP ACLs):
Extended IP access list Port_1/3_E_IN
  permit udp any any
Extended IP access list Port_1/3_E_OUT
  permit udp any any

Syntax: show dot1x ip-ACL
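
The following is an added example, not part of the Brocade guide: a small audit script that reads saved output of the two commands above and flags user-defined rules that permit any source to any destination, as both sample outputs on this page do. It assumes the output keeps the layout shown on this page; the function names are hypothetical.

```python
import re

# Sample capture assembled from this page's own output examples
# (concatenating the two commands' output into one text is an assumption).
SAMPLE = """\
Port 1/3 (User defined IP ACLs):
Extended IP access list Port_1/3_E_IN
 permit udp any any
Extended IP access list Port_1/3_E_OUT
 permit udp any any
Port 1/3 (User defined MAC Address Filter) :
 mac filter 1 permit any any
"""

PORT_RE = re.compile(r"^Port\s+(\S+)\s+\((.+?)\)\s*:")
ACL_RE = re.compile(r"^Extended IP access list\s+(\S+)")
RULE_RE = re.compile(r"^(?:mac filter\s+\d+\s+)?(permit|deny)\s+(.*)$")

def parse_dot1x_filters(text):
    """Return one dict per rule: port, kind, acl, action, match tokens."""
    rules, port, kind, acl = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PORT_RE.match(line):
            # New port section; ACL name does not carry over.
            port, kind, acl = m.group(1), m.group(2), None
        elif m := ACL_RE.match(line):
            acl = m.group(1)
        elif (m := RULE_RE.match(line)) and port:
            rules.append({"port": port, "kind": kind, "acl": acl,
                          "action": m.group(1), "match": m.group(2).split()})
    return rules

def permissive_rules(rules):
    """Permit rules that end in 'any any' (no host or port qualifier)."""
    return [r for r in rules
            if r["action"] == "permit" and r["match"][-2:] == ["any", "any"]]

if __name__ == "__main__":
    for r in permissive_rules(parse_dot1x_filters(SAMPLE)):
        print(f"port {r['port']}: {r['acl'] or r['kind']}: "
              f"{r['action']} {' '.join(r['match'])}")
```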

Displaying dynamically applied MAC address filters and IP ACLs

To display the dynamically applied MAC address filters active on an interface, enter a command such
as the following.

device#show dot1x mac-address-filter e 1/3
Port 1/3 MAC Address Filter information:
  802.1X Dynamic MAC Address Filter :
    mac filter-group 2
  Port default MAC Address Filter:
    No mac address filter is set


53-1003088-03