Configuring network access for ports, Figure 188 confi – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual
Page 923

Brocade 6910 Ethernet Access Switch Configuration Guide
867
53-1002651-02
42
Network Access (MAC Address Authentication)
Interface
To configure aging status and reauthentication time for MAC address authentication:
1. Click Security, Network Access.
2. Select Configure Global from the Step list.
3. Enable or disable aging for secure addresses, and modify the reauthentication time as
required.
4. Click Apply.
FIGURE 188
Configuring Global Settings for Network Access
Configuring Network Access for Ports
Use the Security > Network Access (Configure Interface - General) page to configure MAC
authentication on switch ports, including enabling address authentication, setting the maximum
MAC count, and enabling dynamic VLAN or dynamic QoS assignments.
CLI References
•
“Network Access (MAC Address Authentication)”
Parameters
These parameters are displayed:
•
MAC Authentication
•
Status – Enables MAC authentication on a port. (Default: Disabled)
•
Intrusion – Sets the port response to a host MAC authentication failure to either block
access to the port or to pass traffic through. (Options: Block, Pass; Default: Block)
•
Max MAC Count
17
– Sets the maximum number of MAC addresses that can be
authenticated on a port via MAC authentication; that is, the Network Access process
described in this section. (Range: 1-1024; Default: 1024)
•
Network Access Max MAC Count
– Sets the maximum number of MAC addresses that can be
authenticated on a port interface via all forms of authentication (including Network Access and
IEEE 802.1X). (Range: 1-2048; Default: 1024)
•
Guest VLAN – Specifies the VLAN to be assigned to the port when 802.1X Authentication fails.
(Range: 0-4093, where 0 means disabled; Default: Disabled)
17. The maximum number of MAC addresses per port is 1024, and the maximum number of secure MAC
addresses supported for the switch system is 1024. When the limit is reached, all new MAC addresses are
treated as authentication failures.