Brocade Communications Systems 6650 Switch User Manual

Open as PDF

of 332

214 Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Dynamic MAC-based VLAN

Dynamic MAC-based VLAN configuration example

The following example shows a MAC-based VLAN configuration.

Brocade# show run

Current configuration:

ver 04.0.00b122T7e1

fan-threshold mp speed-3 35 100

module 1 icx6650-64-56-port-management-module

module 2 icx6650-64-4-port-160g-module

module 3 icx6650-64-8-port-80g-module

vlan 1 by port

untagged ethernet 1/1/10

mac-vlan-permit ethernet 1/1/1 to 1/1/3

no spanning-tree

vlan 2 by port

untagged ethernet 1/1/24

mac-vlan-permit ethernet 1/1/1 to 1/1/3

no spanning-tree

vlan 222 name RESTRICTED_MBV by port

untagged ethe 1/1/4

mac-vlan-permit ethernet 1/1/1 to 1/1/3

vlan 666 name RESTRICTED_MAC_AUTH by port

untagged ethe 1/1/20

mac-vlan-permit ethernet 1/1/1 to 1/1/3

spanning-tree 802-1w

vlan 4000 name DEFAULT-VLAN by port

mac-auth mac-vlan max-mac-entries

num-of-entries

The maximum number of allowed and denied

MAC addresses (static and dynamic) that can be

learned on a port. The default is 2.

interface

mac-auth mac-vlan mac-addr

vlan vlan-id priority <0-7>

Adds a static MAC-VLAN mapping to the

MAC-based VLAN table (for static hosts)

interface

clear table-mac-vlan Clears the contents of the authenticated MAC

address table

global

clear table-mac-vlan ethernet port Clears all MAC-based VLAN mapping on a port global

show table-mac-vlan Displays information about allowed and denied

MAC addresses on ports with MAC-based VLAN

enabled.

global

show table-mac-vlan allowed-mac Displays MAC addresses that have been

successfully authenticated

global

show table-mac-vlan denied-mac Displays MAC addresses for which

authentication failed

global

show table-mac-vlan detailed Displays detailed MAC-VLAN settings and

classified MAC addresses for a port with the

feature enabled

global

show table-mac-vlan mac-address Displays status and details for a specific MAC

address

global

show table-mac-vlan ethernet port Displays all MAC addresses allowed or denied

on a specific port

global

TABLE 45 CLI commands for MAC-based VLANs (Continued)

CLI command Description CLI level

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Brocade Communications Systems 6650 Switch User Manual