beautypg.com

Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 299

background image

Multi-Service IronWare Security Configuration Guide

281

53-1003035-02

Displaying multi-device port authentication information

6

Syntax: show auth-mac-address configuration

To display detailed information about the multi-device port authentication configuration and
authenticated MAC addresses for a port where the feature is enabled, enter the following
command.

The following table describes the information displayed by the show authenticated-mac-address
command.

MAC-filter

Whether a MAC filter has been applied to this port to specify pre-authenticated
MAC addresses.

DOS Enable

Denial of Service status. This column will always show “No” since DOS is not
supported.

Protection Limit

This is not applicable to the device, but the output always show “512”.

TABLE 40

Output from the show authenticated-mac-address command

This field...

Displays...

Port

The port to which this information applies.

Dynamic-Vlan Assignment

Whether RADIUS dynamic VLAN assignment has been enabled for the port.

RADIUS failure action

What happens to traffic from a MAC address for which RADIUS authentication
has failed: either block the traffic or assign the MAC address to a restricted
VLAN.

Override-restrict-vlan

Whether a port can be dynamically assigned to a VLAN specified by a RADIUS
server, if the port had been previously placed in the restricted VLAN because a
previous attempt at authenticating a MAC address on that port failed.

Port VLAN

The VLAN to which the port is assigned, and whether the port had been
dynamically assigned to the VLAN by a RADIUS server.

TABLE 39

Output from the show auth-mac-address configuration command (Continued)

This field...

Displays...

Brocade# show auth-mac-address detail

Port 1/18

Dynamic-Vlan Assignment : Enabled

RADIUS failure action : Block Traffic

Override-restrict-vlan : Yes

Port VLAN : 4090 (Configured)

DOS attack protection : Disabled

Accepted Mac Addresses : 0

Rejected Mac Addresses : 0

Aging of MAC-sessions : Enable-All

Port move-back vlan : Port-Configured

MAC Filter applied : No

1 : 0000.0010.2000

MAC TABLE

---------------------------------------------

MAC Address Port VLAN Access Age

---------------------------------------------

00A1.0010.2000 1/18 1 Allowed 0

00A1.0010.2001 1/18 1 Blocked 120

00A1.0010.2002 1/18 1 Init 0