Chapter 24: General Security Measures
Network Access (MAC Address Authentication)
– 828 –
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-qos
Console(config-if)#
network-access
dynamic-vlan
Use this command to enable dynamic VLAN assignment for an
authenticated port. Use the
no
form to disable dynamic VLAN assignment.
S
YNTAX
[
no
]
network-access dynamic-vlan
D
EFAULT
S
ETTING
Enabled
C
OMMAND
M
ODE
Interface Configuration
C
OMMAND
U
SAGE
•
When enabled, the VLAN identifiers returned by the RADIUS server
through the 802.1X authentication process will be applied to the port,
providing the VLANs have already been created on the switch. GVRP is
not used to create the VLANs.
•
The VLAN settings specified by the first authenticated MAC address are
implemented for a port. Other authenticated MAC addresses on the
port must have same VLAN configuration, or they are treated as an
authentication failure.
•
If dynamic VLAN assignment is enabled on a port and the RADIUS
server returns no VLAN configuration, the authentication is still treated
as a success, and the host assigned to the default untagged VLAN.
•
When the dynamic VLAN assignment status is changed on a port, all
authenticated addresses are cleared from the secure MAC address
table.
E
XAMPLE
The following example enables dynamic VLAN assignment on port 1.
Console(config)#interface ethernet 1/1
Console(config-if)#network-access dynamic-vlan
Console(config-if)#
network-access
guest-vlan
Use this command to assign all traffic on a port to a guest VLAN when
802.1x authentication or MAC authentication is rejected. Use the
no
form
of this command to disable guest VLAN assignment.
Summary of Contents for SSE-G2252
Page 42: ...44 General IP Routing on page 627...
Page 603: ...Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 609...
Page 883: ...Chapter 24 General Security Measures Port based Traffic Segmentation 894...
Page 989: ...Chapter 30 Congestion Control Commands Automatic Traffic Control Commands 1000 Console...
Page 1007: ...Chapter 33 Address Table Commands 1019...
Page 1137: ...Chapter 38 Quality of Service Commands 1150...