Dynamic mac-based vlan configuration example – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 234

Advertising
background image

214

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Dynamic MAC-based VLAN

Dynamic MAC-based VLAN configuration example

The following example shows a MAC-based VLAN configuration.

Brocade# show run
Current configuration:
ver 04.0.00b122T7e1
fan-threshold mp speed-3 35 100
module 1 icx6650-64-56-port-management-module
module 2 icx6650-64-4-port-160g-module
module 3 icx6650-64-8-port-80g-module
vlan 1 by port
untagged ethernet 1/1/10
mac-vlan-permit ethernet 1/1/1 to 1/1/3
no spanning-tree
vlan 2 by port
untagged ethernet 1/1/24
mac-vlan-permit ethernet 1/1/1 to 1/1/3
no spanning-tree
vlan 222 name RESTRICTED_MBV by port
untagged ethe 1/1/4
mac-vlan-permit ethernet 1/1/1 to 1/1/3
vlan 666 name RESTRICTED_MAC_AUTH by port
untagged ethe 1/1/20
mac-vlan-permit ethernet 1/1/1 to 1/1/3
spanning-tree 802-1w
vlan 4000 name DEFAULT-VLAN by port

mac-auth mac-vlan max-mac-entries
num-of-entries

The maximum number of allowed and denied
MAC addresses (static and dynamic) that can be
learned on a port. The default is 2.

interface

mac-auth mac-vlan mac-addr
vlan vlan-id priority <0-7>

Adds a static MAC-VLAN mapping to the
MAC-based VLAN table (for static hosts)

interface

clear table-mac-vlan

Clears the contents of the authenticated MAC
address table

global

clear table-mac-vlan ethernet port

Clears all MAC-based VLAN mapping on a port

global

show table-mac-vlan

Displays information about allowed and denied
MAC addresses on ports with MAC-based VLAN
enabled.

global

show table-mac-vlan allowed-mac

Displays MAC addresses that have been
successfully authenticated

global

show table-mac-vlan denied-mac

Displays MAC addresses for which
authentication failed

global

show table-mac-vlan detailed

Displays detailed MAC-VLAN settings and
classified MAC addresses for a port with the
feature enabled

global

show table-mac-vlan mac-address

Displays status and details for a specific MAC
address

global

show table-mac-vlan ethernet port

Displays all MAC addresses allowed or denied
on a specific port

global

TABLE 45

CLI commands for MAC-based VLANs (Continued)

CLI command

Description

CLI level

Advertising
Popular Brands
Popular manuals