Static rules (MAC + port) have higher precedence than dynamic rules (Dot1x/Mac/Web VLAN (Virtual LAN) authorization rules).
configure policy rule admin-profile macsource 00-00-00-00-00-01 mask 48 port-string 27 admin-pid 2 configure policy profile 2 name "filter" pvid-status "enable" pvid 400 egress-vlans 200 untagged-vlans 400 tci-overwrite "enable" configure policy maptable response both configure policy vlanauthorization enable enable policy
In the above configuration, if a dot1x user is authenticated with Tunnel Private Group Id as "3000" and filter id as "filter" via Radius, the static macsource rule takes higher precedence and the client FDB (forwarding database) learned on VLAN SYS_VLAN_0400 mentioned in the static rule rather than the tunnel ID sent by Radius.
(Engineering) X440G2-24fx-G4.74 # sh fd Mac Vlan Age Flags Port / Virtual Port List -------------------------------------------------------------------------------- 00:00:00:00:00:01 SYS_VLAN_0400(0400) 0010 nd m v 27
Print
this page
Email this topic
Feedback
View PDF
Download EPUB