LAN Enforcer 6100 Series Appliance Media Access Control (MAC) Address Bypass Override Feature

Article:TECH96753  |  Created: 2009-01-14  |  Updated: 2011-08-15  |  Article URL http://www.symantec.com/docs/TECH96753
Article Type
Technical Solution


Issue



How to configure the Mac Address Bypass (MAB) override feature on the Enforcer 6100 Series Appliance

Symptoms
n/a

 


Cause



n/a


Solution



Starting with version 11.0.5, the Enforcer Appliance 6100 Series includes a MAB Override feature where the Enforcer will allow a particular action to be taken when a MAC Address is found or not found in either the Local Database on the Enforcer or on an upstream Lightweight Directory Access Protocol (LDAP) server.

In previous versions, the client would be denied access if the MAC Address was not found, and an "open port" command would be sent to the switch if the MAC address was found in the local database or upstream LDAP server .

Starting in version 11.0.5, you can choose if you want to open the port, close the port, or move the MAC Address Bypass (MAB) client to a particular VLAN.

Enforcer Command Line Interface (CLI) Commands:

    Turn on/off Mac Address Bypass Override:
    #mab-override [ enable | disable ]

    Once enabled then you choose the action you want the Enforcer to take:

    Action to take when the MAC address is found:
    #mab-accept action [ open-port | close-port | vlan VLAN_ID ]

    Action to take when the MAC address is NOT found:
    #mab-reject action [ open-port | close-port | vlan VLAN_ID ]

    Show mab-override action table configuration:
    #
    show mab-override

  Assign VLAN Open/Close port
Previous "Assign VLAN <name> to port because Host Integrity check is <result>, profile check is <result> and EAP auth is <result>." "OPEN_PORT/CLOSE_PORT because Host Integrity check is <result>, profile check is <result> and EAP auth is <result>."
Change to "Assign VLAN <name> to port because MAB result is <result>." "OPEN_PORT/CLOSE_PORT because MAB result is <result>."

 

 

 

 

 

 

 




Legacy ID



2009101406492748


Article URL http://www.symantec.com/docs/TECH96753


Terms of use for this information are found in Legal Notices