The configuration strategy below shows the configuration
commands that LMA supports. All LMA commands can be prefixed with
[no]. For port based commands, a VLAN must be created.
Procedure
- Enable local mac authentication
on switch port ‘1’
switch(config)#aaa port-access local-mac 1
- Create mac-group, ‘ip-phone-grp’
for IP phones. The newly created group becomes editable. So, the user
can add/delete mac-oui from the mac-group.
switch(config)#aaa port-access local-mac mac-group ip-phone-grp
- or create mac-group, ‘hpphone-grp’, from the
default (factory-shipped) ‘hp-ip-phones’ group
switch(config)#aaa port-access local-mac mac-group default hp-ip-phones hpphones-grp
- Note: To determine the factory-shipped default
mac-groups, use
show port-access local-mac mac-group default
- Associate mac-address, 005557-9B688B
to a mac-group, hpphone-grp
switch(config)#aaa port-access local-mac mac-group hpphones-grp mac-addr005557-9B688B
- Create LMA profile, ip-phone-prof,
with attributes, tagged vlan, 2, untagged vlan, 3 and cos 2
switch(config)#aaa port-access local-mac profile ip-phone-prof vlan tagged 2 untagged 3 CoS2
- Associate LMA profile, ip-phone-prof,
to a mac-group, hpphone-grp
switch(config)#aaa port-access local-mac apply profile ip-phone-prof mac-group hpphone-grp