beautypg.com

Dynamic mac-based vlan configuration example – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 230

background image

CLI commands for MAC-based VLANs

TABLE 25

CLI command

Description

CLI level

mac-auth mac-vlan enable

Enables per-port MAC-based VLAN

Interface

mac-auth mac-vlan disable

Disables per-port MAC-based VLAN

interface

mac-auth mac-vlan-dyn-activation

Enables Dynamic MAC-based VLAN

global

no mac-auth mac-vlan-dyn-activation

Disables Dynamic MAC-based VLAN

global

no mac-auth mac-vlan

Removes the MAC-VLAN configuration from the port

interface

mac-auth mac-vlan max-mac-entries
num of entries

The maximum number of allowed and denied MAC
addresses (static and dynamic) that can be learned on a
port. The default is 2.

interface

mac-auth mac-vlan mac-addr vlan vlan id
priority 0-7

Adds a static MAC-VLAN mapping to the MAC-based
VLAN table (for static hosts)

interface

clear table-mac-vlan

Clears the contents of the authenticated MAC address
table

global

clear table-mac-vlan ethernet port

Clears all MAC-based VLAN mapping on a port

global

show table-mac-vlan

Displays information about allowed and denied MAC
addresses on ports with MAC-based VLAN enabled.

global

show table-mac-vlan allowed-mac

Displays MAC addresses that have been successfully
authenticated

global

show table-mac-vlan denied-mac

Displays MAC addresses for which authentication failed

global

show table-mac-vlan detailed

Displays detailed MAC-VLAN settings and classified MAC
addresses for a port with the feature enabled

global

show table-mac-vlan mac-address

Displays status and details for a specific MAC address

global

show table-mac-vlan ethernet port

Displays all MAC addresses allowed or denied on a
specific port

global

Dynamic MAC-based VLAN configuration example

The following example shows a MAC-based VLAN configuration.

device#show run

Current configuration:

ver 04.0.00b122T7e1

fan-threshold mp speed-3 35 100

module 1 fls-24-port-copper-base-module

module 4 fls-xfp-1-port-10g-module

vlan 1 by port

untagged ethe 0/1/10

mac-vlan-permit ethe 0/1/1 to 0/1/3

no spanning-tree

vlan 2 by port

untagged ethe 0/1/24

mac-vlan-permit ethe 0/1/1 to 0/1/3

no spanning-tree

Dynamic MAC-based VLAN configuration example

230

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: