MAC Address Filter Configuration
MAC addresses can be filtered at the interface level, inbound or outbound. You use the input-access-list or output-access-list keywords in the bridge-group command to filter. Example 4-22 filters MAC 00c0.0404.091a inbound. Access list 700 specifically denies MAC address 00c0.0404.091a and permits all other MAC addresses. The access list is applied to Ethernet 0 as an inbound filter with the bridge-group 1 input-access-list 700 command.
Example 4-22 MAC Address Filtering
interface ethernet 0
bridge-group 1
bridge-group 1 input-access-list 700
!
access-list 700 deny 00c0.0404.091a 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
Ethernet Type Filter Configuration
Ethernet frames can be filtered by type code at the interface level, inbound or outbound. Use
the input-type-list or output-type-list keywords in the bridge-group command. Example
4-23 filters (denies) DEC LAT (Type=6004) outbound. Access list 200 specifically denies
Ethernet type 0x6004 and permits all other Ethernet types. The access list is applied as an
outbound filter on Ethernet 0 with the bridge-group 1 output-type-list 200 command.
Example 4-23 Ethernet Type Filtering
interface ethernet 0
bridge-group 1
bridge-group 1 output-type-list 200
!
access-list 200 deny 0x6004 0x0000
access-list 200 permit 0x0000 0xffff
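The address/mask matching of Example 4-22 and the type-code/mask matching of Example 4-23, as an added Python illustration (not from the original text and not device code). It assumes IOS semantics in which mask bits set to 1 are ignored, entries are tested in order, and a frame that matches no entry is denied; access list 701 in the sample is constructed, and the function names are hypothetical.

```python
# Added illustration, not device code: evaluates 700-series (MAC) and
# 200-series (Ethernet type) access lists the way the examples describe.
# Assumptions: mask bits set to 1 are ignored, first match wins, and a
# frame that matches no entry is denied (implicit deny).

SAMPLE_CONFIG = """
access-list 700 deny 00c0.0404.091a 0000.0000.0000
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
access-list 200 deny 0x6004 0x0000
access-list 200 permit 0x0000 0xffff
access-list 701 deny 00c0.0400.0000 0000.00ff.ffff
"""  # lists 700 and 200 are from the page; list 701 is constructed


def parse_value(token):
    """Convert a dotted MAC (00c0.0404.091a) or type code (0x6004) to int."""
    if token.lower().startswith("0x"):
        return int(token, 16)
    return int(token.replace(".", ""), 16)


def parse_acl(config_text, acl_number):
    """Return the ordered (action, value, mask) entries of one access list."""
    entries = []
    for line in config_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[:2] == ["access-list", str(acl_number)]:
            entries.append((fields[2], parse_value(fields[3]), parse_value(fields[4])))
    return entries


def evaluate(entries, candidate):
    """Return the action of the first entry whose unmasked bits match."""
    for action, value, mask in entries:
        if (candidate ^ value) & ~mask == 0:  # compare only mask-0 bit positions
            return action
    return "deny"  # no entry matched: implicit deny


def check(acl_number, token, config_text=SAMPLE_CONFIG):
    """Evaluate one MAC address or type code against a numbered list."""
    return evaluate(parse_acl(config_text, acl_number), parse_value(token))


if __name__ == "__main__":
    for acl, item in [(700, "00c0.0404.091a"), (700, "0011.2233.4455"),
                      (200, "0x6004"), (200, "0x0800"), (701, "0011.2233.4455")]:
        print(acl, item, check(acl, item))
```

The constructed list 701 shows why Example 4-22 ends with a permit-all entry: without it, every other MAC address falls through to the implicit deny.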
IEEE 802.1x Port-Based Authentication
IEEE 802.1x is a port-based authentication standard for LANs. Use the standard to authenticate
a user before allowing services on Ethernet, FE, and WLANs.
With 802.1x, client workstations run 802.1x client software to request services. Clients use the
Extensible Authentication Protocol (EAP) to communicate with the LAN switch. The LAN
switch verifies client information with the authentication server and relays the response to the
client. LAN switches use a Remote Authentication Dial-In User Service (RADIUS) client to
communicate with the server. The RADIUS authentication server validates the identity of the
client and authorizes the client. The server uses RADIUS with EAP extensions to make the
authorization.