Configuration Guide User guide

FastIron Configuration Guide
53-1002494-02
Defining MAC address filters
MAC address filter logging command syntax
To configure MAC address filter logging globally, enter the following CLI commands at the global
CONFIG level.
Brocade(config)#mac filter log-enable
Brocade(config)#write memory
Syntax: [no] mac filter log-enable
To configure MAC address filter logging for MAC address filters applied to ports 1 and 3, enter the
following CLI commands.
Brocade(config)#int ethernet 1
Brocade(config-if-e1000-1)#mac filter-group log-enable
Brocade(config-if-e1000-1)#int ethernet 3
Brocade(config-if-e1000-3)#mac filter-group log-enable
Brocade(config-if-e1000-3)#write memory
Syntax: [no] mac filter-group log-enable
MAC address filter override for 802.1X-enabled ports
The MAC address filtering feature on an 802.1X-enabled port allows 802.1X and non-802.1X
devices to share the same physical port. For example, this feature enables you to connect a PC and
a non-802.1X device, such as a Voice over IP (VoIP) phone, to the same 802.1X-enabled port on
the Brocade device. The IP phone will bypass 802.1X authentication and the PC will require 802.1X
authentication.
To enable this feature, first create a MAC address filter, then bind it to an interface on which 802.1X
is enabled. The MAC address filter includes a mask that can match on any number of bytes in the
MAC address. The mask can eliminate the need to enter MAC addresses for all non-802.1X devices
connected to the Brocade device, and the ports to which these devices are connected.
MAC address filter override configuration notes
This feature is supported on untagged, tagged, and dual-mode ports.
You can configure this feature on ports that have ACLs and MAC address filters defined.
MAC address filter override configuration syntax
To configure MAC address filtering on an 802.1X-enabled port, enter commands such as the
following.
Brocade(config)#mac filter 1 permit 0050.04ab.9429 ffff.ffff.0000 any
Brocade(config)#int e1/2
Brocade(config-if-e1000-1/2)#dot1x auth-filter 1 3 to 5 10
The first line defines a MAC address filter that matches on the first four bytes (ffff.ffff.0000) of the
source MAC address 0050.04ab.9429, and any destination MAC address. The permit action
creates an 802.1X session in the FORCE AUTHORIZE state, meaning that the device is placed
unconditionally in the authorized state, bypassing 802.1X authentication and allowing all traffic
from the specified MAC address. If no match is found, the implicit action is to authenticate the
client.
The last line binds MAC address filters 1, 3, 4, 5, and 10 to interface e1/2.
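The following Python sketch is an added example, not part of the Brocade guide. It audits the override shown above by counting how many source MAC addresses a filter mask places in the FORCE AUTHORIZE state, and by checking whether a given address would bypass 802.1X on the bound port. The function names are hypothetical, and the code assumes only the permit form and the mask semantics described on this page (mask bits set to 1 are compared).

```python
import re

def mac_to_int(text):
    """Parse dotted-hex notation (0050.04ab.9429) into a 48-bit integer."""
    digits = text.replace(".", "")
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return int(digits, 16)

def parse_mac_filter(line):
    """Parse 'mac filter <id> permit <src> <mask> any', the form shown above."""
    m = re.search(r"mac filter (\d+) permit (\S+) (\S+) any\s*$", line)
    if not m:
        raise ValueError(f"unsupported filter line: {line!r}")
    return {"id": int(m[1]), "src": mac_to_int(m[2]), "mask": mac_to_int(m[3])}

def expand_filter_ids(line):
    """Expand 'dot1x auth-filter 1 3 to 5 10' into [1, 3, 4, 5, 10]."""
    tokens = line.split("auth-filter", 1)[1].split()
    ids, i = [], 0
    while i < len(tokens):
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            ids.extend(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            ids.append(int(tokens[i]))
            i += 1
    return ids

def bypass_count(flt):
    """Source MACs matched by the filter: 2 ** (number of zero bits in the mask)."""
    return 2 ** (48 - bin(flt["mask"]).count("1"))

def dot1x_action(src_mac, filters, bound_ids):
    """'force-authorized' if a bound permit filter matches, else 'authenticate'."""
    addr = mac_to_int(src_mac)
    for fid in bound_ids:
        flt = filters.get(fid)  # IDs bound but not defined here are skipped
        if flt and (addr & flt["mask"]) == (flt["src"] & flt["mask"]):
            return "force-authorized"
    return "authenticate"

# Commands copied from the page; the two test addresses below are constructed.
FILTERS = {f["id"]: f for f in [parse_mac_filter(
    "mac filter 1 permit 0050.04ab.9429 ffff.ffff.0000 any")]}
BOUND = expand_filter_ids("dot1x auth-filter 1 3 to 5 10")
if __name__ == "__main__":
    print("filter 1 matches", bypass_count(FILTERS[1]), "source MACs")
    for mac in ("0050.04ab.0001", "0050.04ac.0001"):
        print(mac, "->", dot1x_action(mac, FILTERS, BOUND))
```

With the four-byte mask from the page, filter 1 covers 65,536 source addresses; a full ffff.ffff.ffff mask narrows the bypass to a single device.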