C
HAPTER
25
| General Security Measures
Network Access (MAC Address Authentication)
– 654 –
NETWORK ACCESS (MAC ADDRESS AUTHENTICATION)
Network Access authentication controls access to the network by
authenticating the MAC address of each host that attempts to connect to a
switch port. Traffic received from a specific MAC address is forwarded by
the switch only if the source MAC address is successfully authenticated by
a central RADIUS server. While authentication for a MAC address is in
progress, all traffic is blocked until authentication is completed. Once
successfully authenticated, the RADIUS server may optionally assign VLAN
and QoS settings for the switch port.
Table 78: Network Access Commands
Command Function Mode
network-access aging Enables MAC address aging GC
network-access mac-filter Adds a MAC address to a filter table GC
mac-authentication reauth-
time
Sets the time period after which a connected MAC
address must be re-authenticated
GC
network-access dynamic-qos Enables the dynamic quality of service feature IC
network-access dynamic-vlan Enables dynamic VLAN assignment from a RADIUS
server
IC
network-access guest-vlan Specifies the guest VLAN IC
network-access link-detection Enables the link detection feature IC
network-access link-detection
link-down
Configures the link detection feature to detect and
act upon link-down events
IC
network-access link-detection
link-up
Configures the link detection feature to detect and
act upon link-up events
IC
network-access link-detection
link-up-down
Configures the link detection feature to detect and
act upon both link-up and link-down events
IC
network-access max-mac-
count
Sets the maximum number of MAC addresses that
can be authenticated on a port via all forms of
authentication
IC
network-access mode mac-
authentication
Enables MAC authentication on an interface IC
network-access port-mac-
filter
Enables the specified MAC address filter IC
mac-authentication intrusion-
action
Determines the port response when a connected
host fails MAC authentication.
IC
mac-authentication max-
mac-count
Sets the maximum number of MAC addresses that
can be authenticated on a port via MAC
authentication
IC
clear network-access Clears authenticated MAC addresses from the
address table
PE
show network-access Displays the MAC authentication settings for port
interfaces
PE
show network-access mac-
address-table
Displays information for entries in the secure MAC
address table
PE
show network-access mac-
filter
Displays information for entries in the MAC filter
tables
PE
To Next Page
Loading...
Need help?
General