Web and MAC Authentication
Configuring MAC Authentication on the Switch
Syntax: aaa port-access mac-based [e] < port-list > [addr-limit <1-32>]
Specifies the maximum number of authenticated
MACs to allow on the port. (Default: 1)
Note: On switches where MAC Auth and 802.1X can
operate concurrently, this limit includes the total
number of clients authenticated through both methods.
Syntax: [no] aaa port-access mac-based [e] < port-list > [addr-moves]
Allows client moves between the specified ports under
MAC Auth control. When enabled, the switch allows
addresses to move without requiring a re-authentica-
tion. When disabled, the switch does not allow moves
and when one does occur, the user will be forced to re-
authenticate. At least two ports (from port(s) and to
port(s)) must be specified. Use the no form of the
command to disable MAC address moves between ports
under MAC Auth control.
(Default: disabled – no moves allowed)
Syntax: aaa port-access mac-based [e] < port-list > [auth-vid <vid>]
no aaa port-access mac-based [e] < port-list > [auth-vid]
Specifies the VLAN to use for an authorized client. The
Radius server can override the value (accept-response
includes a vid). If auth-vid is 0, no VLAN changes occur
unless the RADIUS server supplies one. Use the no form
of the command to set the auth-vid to 0.(Default: 0).
Syntax:
aaa port-access mac-based [e] < port-list >
[logoff-period] <60-9999999>
]
Specifies the period, in seconds, that the switch
enforces for an implicit logoff. This parameter is
equivalent to the MAC age interval in a traditional
switch sense. If the switch does not see activity after a
logoff-period interval, the client is returned to its pre-
authentication state. (Default: 300 seconds)
Syntax: aaa port-access mac-based [e] < port-list > [max-requests <1-10>]
Specifies the number of authentication attempts that
must time-out before authentication fails.
(Default: 2)
4-24
To Next Page
Loading...
Need help?
General
