PKI configuration example ····························································································································· 338
Configuration guidelines ································································································································ 342
Overview ························································································································································ 343
User account policies ····························································································································· 343
Authentication methods ·························································································································· 343
MAC authentication timers ····················································································································· 343
VLAN assignment ·································································································································· 344
ACL assignment ····································································································································· 344
Auth-Fail VLAN ······································································································································ 344
Configuration prerequisites ···························································································································· 344
Overview ························································································································································ 358
Port security features ····························································································································· 358
Port security modes ······························································································································· 358
Configuration guidelines ································································································································ 360
Configuring permitted OUIs ··························································································································· 366
Configuration procedure ································································································································ 378
Network requirements ···························································································································· 379
Configuration procedure ························································································································· 379
Configuring ACLs ························································································ 383
Overview ························································································································································ 383
ACL categories ······································································································································· 383
Match order ············································································································································ 383
Configuration guidelines ································································································································ 385
Configuring a time range ························································································································ 386
Adding an IPv4 ACL ······························································································································· 387
viii