Table of Contents
Advertisement
PKI configuration example ····························································································································· 338
Configuration guidelines ································································································································ 342
Configuring MAC authentication ································································· 343
Overview ························································································································································ 343
User account policies ····························································································································· 343
Authentication methods ·························································································································· 343
MAC authentication timers ····················································································································· 343
Using MAC authentication with other features ······························································································· 344
VLAN assignment ·································································································································· 344
ACL assignment ····································································································································· 344
Auth-Fail VLAN ······································································································································ 344
Configuration prerequisites ···························································································································· 344
Recommended configuration procedure ········································································································ 345
Configuring MAC authentication globally ······································································································· 345
Configuring MAC authentication on a port ····························································································· 346
MAC authentication configuration examples ·································································································· 347
Local MAC authentication configuration example ·················································································· 347
ACL assignment configuration example································································································· 350
Configuring port security ············································································· 358
Overview ························································································································································ 358
Port security features ····························································································································· 358
Port security modes ······························································································································· 358
Configuration guidelines ································································································································ 360
Recommended configuration procedure ········································································································ 360
Configuring global settings for port security ··································································································· 361
Configuring basic port security control ··········································································································· 362
Configuring secure MAC addresses ·············································································································· 363
Configuring advanced port security control ···································································································· 364
Configuring permitted OUIs ··························································································································· 366
Port security configuration examples ············································································································· 366
Basic port security mode configuration example ···················································································· 366
Advanced port security mode configuration example ············································································ 369
Configuring port isolation ············································································ 375
Configuring the isolation group ······················································································································ 375
Port isolation configuration example ·············································································································· 376
Configuring authorized IP ··········································································· 378
Configuration procedure ································································································································ 378
Authorized IP configuration example ············································································································· 379
Network requirements ···························································································································· 379
Configuration procedure ························································································································· 379
Configuring loopback detection ··································································· 381
Recommended configuration procedure ········································································································ 381
Configuring loopback detection globally ········································································································ 381
Configuring loopback detection on a port ······································································································ 382
Configuring ACLs ························································································ 383
Overview ························································································································································ 383
ACL categories ······································································································································· 383
Match order ············································································································································ 383
Implementing time-based ACL rules ······································································································ 384
IPv4 fragments filtering with ACLs ········································································································· 385
Configuration guidelines ································································································································ 385
Recommend ACL configuration procedures ·································································································· 385
Recommended IPv4 ACL configuration procedure ················································································ 385
Recommended IPv6 ACL configuration procedure ················································································ 385
Configuring a time range ························································································································ 386
Adding an IPv4 ACL ······························································································································· 387
viii
Hide quick links:
Advertisement
Table of Contents
