Configuring MAC Authentication Bypass with ACL Assignments; Configuring MAC Authentication Bypass with QoS ACLs - Cisco WS-C6506 Software Manual

Catalyst 6500 series switch

Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7 (OL-8978-04)
Chapter 41: Configuring MAC Authentication Bypass, page 41-13

Shutdown Timeout = 60
Violation mode = Shutdown
Console> (enable)

Configuring MAC Authentication Bypass with ACL Assignments

MAC authentication bypass (MAB)-enabled ports support ACL assignments similar to 802.1X-enabled
ports. For more information, see the "Configuring 802.1X with ACL Assignments" section on page 40-29.

The ACLs must be predefined and committed on the switch. ACL mapping by MAB is a runtime
configuration and is not saved to NVRAM. The mapping is removed when the MAB static CAM
entry is removed or, at reauthentication, if the RADIUS server sends a different ACL or no ACL to map.

Configuring MAC Authentication Bypass with QoS ACLs

MAC authentication bypass-enabled ports support ACLs sent by RADIUS and QoS policy-based
authentication similar to QoS policies on 802.1X-enabled ports. For more information, see the
"Configuring 802.1X with QoS ACLs" section on page 40-26.

When configuring MAB with QoS ACLs, follow these guidelines:

- The QoS ACLs must be predefined and committed on the switch.
- If more than one QoS ACL of the same attribute type (invacl, outvacl, or inpacl) is sent to the MAB
  port, only the first ACL for an attribute type is configured.
- The minimum acceptable reauthentication timeout for MAB has been reduced from 300 seconds to
  30 seconds. The default is 30 seconds.
- Dynamically applied QoS ACLs cannot be removed using commands. They are automatically
  removed when MAB initializes.

This example shows how to display the QoS ACLs information for a MAB-enabled port:

Console (enable)> show port mac-auth-bypass 3/13
Port  Mac-Auth-Bypass State MAC Address       Auth-State        Vlan
----- --------------------- ----------------- ----------------- -----
3/13  Enabled               00-11-22-33-01-87 authenticated     391

Port  Termination action Session Timeout Shutdown/Time-Left
----- ------------------ --------------- ------------------
3/13  initialize         3600            NO       -

Port  PolicyGroups
----- ----------------------------------------------------------------
3/13  -

Port  Security ACL                     Sec ACL Type      QoS ACL Type
----- -------------------------------- ----------------- ----------------
3/13  my_security_pacl                 Pacl              Vacl

Port  QoS Ingress Policy               QoS Egress Policy
----- -------------------------------- ----------------------------------
3/13  my_qos_invacl                    my_qos_outvacl

Port  Critical Critical-Status
----- -------- ---------------
3/13  Disabled -
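An added example (not from the Cisco guide): Python that merges the per-port tables of `show port mac-auth-bypass` output into one record per port and lists authenticated MAB ports with no security ACL mapped, a condition worth auditing because the mapping is runtime-only and is removed when RADIUS sends no ACL at reauthentication. The sample output is constructed, port 3/14 is hypothetical, and treating "-" as an empty field is an assumption.

```python
import re

# Constructed sample, laid out like the page's `show port mac-auth-bypass` output.
# Port 3/14 is hypothetical and was added to exercise the audit check.
SAMPLE = """\
Port  Mac-Auth-Bypass State MAC Address       Auth-State        Vlan
----- --------------------- ----------------- ----------------- -----
3/13  Enabled               00-11-22-33-01-87 authenticated     391
3/14  Enabled               00-11-22-33-01-88 authenticated     391

Port  Security ACL                     Sec ACL Type      QoS ACL Type
----- -------------------------------- ----------------- ----------------
3/13  my_security_pacl                 Pacl              Vacl
3/14  -                                -                 -
"""

def parse_tables(text):
    """Merge every dash-ruled table into one dict of fields per port.

    Header names contain spaces ("MAC Address"), so column boundaries come
    from the runs of dashes on the rule line, not from whitespace splitting.
    """
    ports = {}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if i == 0 or not re.fullmatch(r"-+( +-+)+ *", line):
            continue  # not a rule line
        spans = [m.span() for m in re.finditer(r"-+", line)]
        spans[-1] = (spans[-1][0], None)  # last column runs to end of line
        names = [lines[i - 1][a:b].strip() for a, b in spans]
        for row in lines[i + 1:]:
            if not row.strip():
                break  # a blank line ends this table
            cells = [row[a:b].strip() for a, b in spans]
            ports.setdefault(cells[0], {}).update(zip(names[1:], cells[1:]))
    return ports

def ports_missing_security_acl(ports):
    """Authenticated MAB ports with no security ACL ("-" assumed to mean empty)."""
    return sorted(p for p, f in ports.items()
                  if f.get("Auth-State") == "authenticated"
                  and f.get("Security ACL", "-") in ("", "-"))

if __name__ == "__main__":
    print(ports_missing_security_acl(parse_tables(SAMPLE)))
```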


This manual is also suitable for:

Catalyst 6506, Catalyst 6509, Catalyst 6513
