Cisco Catalyst 2960-X Security Configuration Manual page 344

Enabling MAC Replace
Beginning in privileged EXEC mode, follow these steps to enable MAC replace on an interface. This procedure
is optional.
SUMMARY STEPS
1. configure terminal
2. interface interface-id
3. authentication violation {protect | replace | restrict | shutdown}
4. end
5. show running-config
6. copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1 configure terminal
Example:
Switch# configure terminal
Step 2
interface interface-id
Example:
Switch(config)# interface
gigabitethernet2/0/2
Step 3
authentication violation {protect | replace |
restrict | shutdown}
Example:
Switch(config-if)# authentication violation
replace
Step 4
end
Example:
Switch(config-if)# end
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
320
Configuring IEEE 802.1x Port-Based Authentication
Purpose
Enters global configuration mode.
Specifies the port to be configured, and enter interface
configuration mode.
Use the replace keyword to enable MAC replace on the interface.
The port removes the current session and initiates authentication
with the new host.
The other keywords have these effects:
• protect: the port drops packets with unexpected MAC
addresses without generating a system message.
• restrict: violating packets are dropped by the CPU and a
system message is generated.
• shutdown: the port is error disabled when it receives an
unexpected MAC address.
Returns to privileged EXEC mode.
OL-29048-01