LAN Enforcer 6100 Series Appliance Media Access Control (MAC) Address Bypass Override Feature
|Article:TECH96753|||||Created: 2009-01-14|||||Updated: 2011-08-16|||||Article URL http://www.symantec.com/docs/TECH96753|
How to configure the Mac Address Bypass (MAB) override feature on the Enforcer 6100 Series Appliance
Starting with version 11.0.5, the Enforcer Appliance 6100 Series includes a MAB Override feature where the Enforcer will allow a particular action to be taken when a MAC Address is found or not found in either the Local Database on the Enforcer or on an upstream Lightweight Directory Access Protocol (LDAP) server.
In previous versions, the client would be denied access if the MAC Address was not found, and an "open port" command would be sent to the switch if the MAC address was found in the local database or upstream LDAP server .
Starting in version 11.0.5, you can choose if you want to open the port, close the port, or move the MAC Address Bypass (MAB) client to a particular VLAN.
Enforcer Command Line Interface (CLI) Commands:
Turn on/off Mac Address Bypass Override:
Once enabled then you choose the action you want the Enforcer to take:
Action to take when the MAC address is found:
#mab-accept action [ open-port | close-port | vlan VLAN_ID ]
Action to take when the MAC address is NOT found:
#mab-reject action [ open-port | close-port | vlan VLAN_ID ]
|Assign VLAN||Open/Close port|
|Previous||"Assign VLAN <name> to port because Host Integrity check is <result>, profile check is <result> and EAP auth is <result>."||"OPEN_PORT/CLOSE_PORT because Host Integrity check is <result>, profile check is <result> and EAP auth is <result>."|
|Change to||"Assign VLAN <name> to port because MAB result is <result>."||"OPEN_PORT/CLOSE_PORT because MAB result is <result>."|
Article URL http://www.symantec.com/docs/TECH96753