Defining MAC Address Filters for EAP Frames; Configuring VLAN Access for Non-EAP-Capable Clients - Dell PowerConnect B-FCXs Configuration Manual


Clearing a dot1x-mac-session for a MAC address
You can clear the dot1x-mac-session for a specified MAC address, so that the Client with that MAC
address can be re-authenticated by the RADIUS server.
Example
PowerConnect#clear dot1x mac-session 00e0.1234.abd4
Syntax: clear dot1x mac-session <mac-address>

Defining MAC address filters for EAP frames

You can create MAC address filters to permit or deny EAP frames. To do this, you specify the Dell
PowerConnect device 802.1X group MAC address as the destination address in a MAC address
filter, then apply the filter to an interface.
MAC address filters for EAPS on most devices
For example, the following command creates a MAC address filter that denies frames with the
destination MAC address of 0180.c200.0003, which is the 802.1X group MAC address on the Dell
PowerConnect device.
PowerConnect(config)#mac filter 1 deny any 0180.c200.0003 ffff.ffff.ffff
The following commands apply this filter to interface e 3/1.
PowerConnect(config)#interface e 3/1
PowerConnect(config-if-3/1)#mac filter-group 1
Refer to "Defining MAC address filters" on page 1280 for more information.

Configuring VLAN access for non-EAP-capable clients

You can configure the Dell PowerConnect device to grant "guest" or restricted VLAN access to
clients that do not support Extensible Authentication Protocol (EAP). The restricted VLAN limits
access to the network or applications, instead of blocking access to these services altogether.
When the Dell PowerConnect device receives the first packet (non-EAP packet) from a client, the
device waits for 10 seconds or the amount of time specified with the timeout restrict-fwd-period
command. If the Dell PowerConnect device does not receive subsequent packets after the timeout
period, the device places the client on the restricted VLAN.
This feature is disabled by default. To enable this feature and change the timeout period, enter
commands such as the following.
PowerConnect(config)#dot1x-enable
PowerConnect(config-dot1x)#restrict-forward-non-dot1x
PowerConnect(config-dot1x)#timeout restrict-fwd-period 15
Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
Syntax: timeout restrict-fwd-period <num>
The <num> parameter is a value from 0 to 4294967295. The default value is 10.
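
Both settings described above can be checked offline from a saved copy of the commands. The following Python script is an added example, not part of the Dell manual: it lists the interfaces whose MAC filter group covers the 802.1X group address and reports the restricted-VLAN fallback settings. The sample input is constructed, and the filter grammar (source, then destination, each either "any" or address plus mask, with set mask bits being the compared bits) is an assumption drawn from the page's single example.

```python
EAP_GROUP_MAC = "0180.c200.0003"  # 802.1X group MAC address named on the page

def mac_int(dotted):
    """Dotted CLI form (0180.c200.0003) -> 48-bit integer."""
    return int(dotted.replace(".", ""), 16)

def covers_eap(dest):
    """dest is ['any'] or [address, mask]; set mask bits are compared (assumption)."""
    if dest == ["any"]:
        return True
    addr, mask = (mac_int(x) for x in dest)
    return (addr & mask) == (mac_int(EAP_GROUP_MAC) & mask)

def audit(config_text):
    """Report MAC filters that touch EAP frames per interface, plus guest-VLAN fallback."""
    filters, by_iface, iface = {}, {}, None
    dot1x = {"restrict_forward": False, "restrict_fwd_period": 10}  # defaults per the page
    for raw in config_text.splitlines():
        tok = raw.split("#", 1)[-1].split()  # drop a leading CLI prompt, then tokenize
        if tok[:2] == ["mac", "filter"] and len(tok) >= 6:
            rest = tok[4:]
            src_len = 1 if rest[0] == "any" else 2  # source is 'any' or address+mask
            filters[tok[2]] = (tok[3], covers_eap(rest[src_len:]))
        elif tok[:1] == ["interface"] and len(tok) == 3:
            iface = tok[2]
        elif tok[:2] == ["mac", "filter-group"] and iface:
            by_iface.setdefault(iface, []).extend(tok[2:])
        elif tok == ["restrict-forward-non-dot1x"]:
            dot1x["restrict_forward"] = True
        elif tok[:2] == ["timeout", "restrict-fwd-period"] and len(tok) == 3:
            dot1x["restrict_fwd_period"] = int(tok[2])
    eap = {i: [(f, filters[f][0]) for f in ids if f in filters and filters[f][1]]
           for i, ids in by_iface.items()}
    return {"eap_filters": eap, "dot1x": dot1x}

# Constructed sample input; filter 2 shows a wider mask that also catches EAP frames.
SAMPLE = """\
PowerConnect(config)#mac filter 1 deny any 0180.c200.0003 ffff.ffff.ffff
PowerConnect(config)#mac filter 2 deny any 0180.c200.0000 ffff.ffff.0000
PowerConnect(config)#interface e 3/1
PowerConnect(config-if-3/1)#mac filter-group 1
PowerConnect(config)#interface e 3/2
PowerConnect(config-if-3/2)#mac filter-group 2
PowerConnect(config)#dot1x-enable
PowerConnect(config-dot1x)#restrict-forward-non-dot1x
PowerConnect(config-dot1x)#timeout restrict-fwd-period 15
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A port that appears under eap_filters with a deny action will not pass 802.1X frames, so a filter with a broad destination mask is worth reviewing before it is applied to a port where 802.1X authentication is expected.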
PowerConnect B-Series FCX Configuration Guide
53-1002266-01
