Brocade Communications Systems Brocade ICX 6650 6650 User Manual
214
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Dynamic MAC-based VLAN
Dynamic MAC-based VLAN configuration example
The following example shows a MAC-based VLAN configuration.
Brocade# show run
Current configuration:
ver 04.0.00b122T7e1
fan-threshold mp speed-3 35 100
module 1 icx6650-64-56-port-management-module
module 2 icx6650-64-4-port-160g-module
module 3 icx6650-64-8-port-80g-module
vlan 1 by port
untagged ethernet 1/1/10
mac-vlan-permit ethernet 1/1/1 to 1/1/3
no spanning-tree
vlan 2 by port
untagged ethernet 1/1/24
mac-vlan-permit ethernet 1/1/1 to 1/1/3
no spanning-tree
vlan 222 name RESTRICTED_MBV by port
untagged ethe 1/1/4
mac-vlan-permit ethernet 1/1/1 to 1/1/3
vlan 666 name RESTRICTED_MAC_AUTH by port
untagged ethe 1/1/20
mac-vlan-permit ethernet 1/1/1 to 1/1/3
spanning-tree 802-1w
vlan 4000 name DEFAULT-VLAN by port
Current configuration:
ver 04.0.00b122T7e1
fan-threshold mp speed-3 35 100
module 1 icx6650-64-56-port-management-module
module 2 icx6650-64-4-port-160g-module
module 3 icx6650-64-8-port-80g-module
vlan 1 by port
untagged ethernet 1/1/10
mac-vlan-permit ethernet 1/1/1 to 1/1/3
no spanning-tree
vlan 2 by port
untagged ethernet 1/1/24
mac-vlan-permit ethernet 1/1/1 to 1/1/3
no spanning-tree
vlan 222 name RESTRICTED_MBV by port
untagged ethe 1/1/4
mac-vlan-permit ethernet 1/1/1 to 1/1/3
vlan 666 name RESTRICTED_MAC_AUTH by port
untagged ethe 1/1/20
mac-vlan-permit ethernet 1/1/1 to 1/1/3
spanning-tree 802-1w
vlan 4000 name DEFAULT-VLAN by port
mac-auth mac-vlan max-mac-entries
num-of-entries
num-of-entries
The maximum number of allowed and denied
MAC addresses (static and dynamic) that can be
learned on a port. The default is 2.
MAC addresses (static and dynamic) that can be
learned on a port. The default is 2.
interface
mac-auth mac-vlan mac-addr
vlan vlan-id priority <0-7>
vlan vlan-id priority <0-7>
Adds a static MAC-VLAN mapping to the
MAC-based VLAN table (for static hosts)
MAC-based VLAN table (for static hosts)
interface
clear table-mac-vlan
Clears the contents of the authenticated MAC
address table
address table
global
clear table-mac-vlan ethernet port
Clears all MAC-based VLAN mapping on a port
global
show table-mac-vlan
Displays information about allowed and denied
MAC addresses on ports with MAC-based VLAN
enabled.
MAC addresses on ports with MAC-based VLAN
enabled.
global
show table-mac-vlan allowed-mac
Displays MAC addresses that have been
successfully authenticated
successfully authenticated
global
show table-mac-vlan denied-mac
Displays MAC addresses for which
authentication failed
authentication failed
global
show table-mac-vlan detailed
Displays detailed MAC-VLAN settings and
classified MAC addresses for a port with the
feature enabled
classified MAC addresses for a port with the
feature enabled
global
show table-mac-vlan mac-address
Displays status and details for a specific MAC
address
address
global
show table-mac-vlan ethernet port
Displays all MAC addresses allowed or denied
on a specific port
on a specific port
global
TABLE 45
CLI commands for MAC-based VLANs (Continued)
CLI command
Description
CLI level