Limiting the number of authenticated mac addresses, Displaying authenticated mac address information – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

the request sent to the RADIUS server. For example, given a MAC address of 0000000feaa1, the users
file on the RADIUS server would be configured with a username and password both set to
0000000feaa1. When traffic from this MAC address is encountered on a MAC-authentication-enabled
interface, the device sends the RADIUS server an Access-Request message with 0000000feaa1 as
both the username and password.

The MAC address is the default password for multi-device port authentication, and you can optionally
configure the device to use a different password. Note that the MAC address is still the username and
cannot be changed.

To change the password for multi-device port authentication, enter a command such as the following at
the GLOBAL Config Level of the CLI.

device(config)#mac-authentication password-override

Syntax: [no] mac-authentication password-override password

where password can have up to 32 alphanumeric characters, but cannot include blank spaces.

Limiting the number of authenticated MAC addresses

You cannot enable MAC port security on the same port that has multi-device port authentication
enabled. To simulate the function of MAC port security, you can enter a command such as the
following.

device(config-if-e1000-2)#mac-authentication max-accepted-session 5

Syntax: [no] mac-authentication max-accepted-session session-number

This command limits the number of successfully authenticated MAC addresses. Enter a value from 1 to
250 for session-number.

Displaying multi-device port authentication information

You can display the following information about the multi-device port authentication configuration:

• Information about authenticated MAC addresses
• Information about the multi-device port authentication configuration
• Authentication information for a specific MAC address or port
• Multi-device port authentication settings and authenticated MAC addresses for each port where the
multi-device port authentication feature is enabled

• The MAC addresses that have been successfully authenticated
• The MAC addresses for which authentication was not successful

Displaying authenticated MAC address information

To display information about authenticated MAC addresses on the ports where the multi-device port
authentication feature is enabled, enter the show auth-mac-address command.

device#show auth-mac-address

----------------------------------------------------------------------
Port   Vlan   Accepted MACs   Rejected MACs   Attempted-MACs
----------------------------------------------------------------------
1/18   100    1               100             0
1/20   40     0               0               0
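
The following added example (not part of the Brocade guide) parses the show auth-mac-address output shown above and flags ports with many rejected MAC addresses or with accepted sessions at the max-accepted-session limit. The function names, the rejected-MAC threshold of 10, and the per-port limit of 1 used for port 1/18 are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Output copied from the show auth-mac-address sample on this page.
SAMPLE = """\
----------------------------------------------------------------------
Port   Vlan   Accepted MACs   Rejected MACs   Attempted-MACs
----------------------------------------------------------------------
1/18   100    1               100             0
1/20   40     0               0               0
"""

class PortAuth(NamedTuple):
    port: str
    vlan: int
    accepted: int
    rejected: int
    attempted: int

# A data row is a slash-separated port identifier followed by exactly four integers.
ROW = re.compile(r"^\s*(\d+(?:/\d+)+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_auth_mac(text):
    """Return one PortAuth per data row; rulers, headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(PortAuth(m.group(1), *map(int, m.groups()[1:])))
    return rows

def review(rows, session_limits=None, rejected_threshold=10):
    """Flag ports worth a closer look.
    session_limits maps port -> configured max-accepted-session value (assumed input);
    rejected_threshold is an assumed local policy value, not a device default."""
    session_limits = session_limits or {}
    findings = []
    for r in rows:
        if r.rejected >= rejected_threshold:
            findings.append((r.port, f"{r.rejected} rejected MACs on VLAN {r.vlan}"))
        limit = session_limits.get(r.port)
        if limit is not None and r.accepted >= limit:
            findings.append((r.port, f"accepted sessions at limit ({r.accepted}/{limit})"))
    return findings

if __name__ == "__main__":
    # The limit of 1 for port 1/18 is a constructed value for this demonstration.
    for port, msg in review(parse_auth_mac(SAMPLE), {"1/18": 1}):
        print(port, msg)
```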

FastIron Ethernet Switch Security Configuration Guide
53-1003088-03