Configuring Authentication
Fixed Switch Configuration Guide 10-15
Configuring MAC-based Authentication
Configuring MAC-based authentication on a switch consists of:
• Setting the global MAC authentication password for the switch
• Enabling MAC authentication on a port
• Enabling MAC authentication globally
• Setting the authentication mode to multi
• Optionally re-initializing or re-authenticating existing sessions
Procedure 10-2 describes how to configure MAC-based authentication. Unspecified parameters
use their default values.
2. Display the access entity index values. Ports
used to authenticate and authorize supplicants
utilize access entities that maintain entity state,
counters, and statistics for an individual
supplicant. You need to know the index value
associated with a single entity to enable,
disable, initialize, or reauthenticate a single
entity.
show dot1x auth-session-stats
3. Enable EAP on the stackable fixed switch or
standalone fixed switch.
set eapol [enable | disable] [auth-mode
{auto | forced-auth | forced-unauth}
port-string
4. Enable IEEE 802.1x globally on the switch.
Ports default to enabled.
set dot1x {enable | disable}
5. If an entity deactivates due to the supplicant
logging off, inability to authenticate, or the
supplicant or associated policy settings are no
longer valid, you can re-initialize a deactivated
access entity. If necessary, re-initialize the
specified entity.
set dot1x init [port-string] [index index-list]
6. If the authentication for a supplicant times out or
is lost for any reason, you can reauthenticate
that supplicant. If necessary, reauthenticate the
specified entity.
set dot1x reauth [port-string] [index
index-list]
7. Display IEEE 802.1x configuration. show dot1x auth-config
Procedure 10-1 IEEE 802.1x Configuration (continued)
Step Task Command(s)
Procedure 10-2 MAC-Based Authentication Configuration
Step Task Command(s)
1. Optionally set or clear a global password on the
switch.
set macauthentication password password
clear macauthentication password
password
2. Enable or disable MAC authentication on a port.
By default, MAC authentication is disabled for all
ports. MAC authentication must be enabled on
the ports that will use it.
set macauthentication port {enable |
disable} port-string
To Next Page
Loading...
Need help?
General