The configuration strategy below shows the configuration commands that LMA supports. All LMA commands can be prefixed with [no]. For port based commands, a VLAN must be created.
Procedure
-
Enable local mac authentication on switch port ‘1’
switch(config)#aaa port-access local-mac 1
-
Do one of the following:
-
Create mac-group, ‘ip-phone-grp’ for IP phones. The newly created group becomes editable. So, the user can add/delete mac-oui from the mac-group
switch(config)#aaa port-access local-mac mac-group ip-phone-grp
-
Create mac-group, ‘hpphone-grp’, from the default (factory-shipped) ‘hp-ip-phones’ group
switch(config)#aaa port-access local-mac mac-group default hp-ip-phones hpphones-grp
Note: To determine the factory-shipped default mac-groups, use
show port-access local-mac mac-group default
-
Associate mac-address, 005557-9B688B to a mac-group, hpphone-grp
switch(config)#aaa port-access local-mac mac-group hpphones-grp mac-addr005557-9B688B
-
Create LMA profile, ip-phone-prof, with attributes, tagged vlan, 2, untagged vlan, 3 and cos 2
switch(config)#aaa port-access local-mac profile ip-phone-prof vlan tagged 2 untagged 3 CoS2
-
Associate LMA profile, ip-phone-prof, to a mac-group, hpphone-grp
switch(config)#aaa port-access local-mac apply profile ip-phone-prof mac-group hpphone-grp