Web and MAC Authentication
Configuring MAC Authentication on the Switch
Syntax: [no] aaa port-access mac-based < port-list >
Enables MAC-based authentication on the specified
ports. Use the no form of the command to disable MAC-
based authentication on the specified ports.
Syntax: aaa port-access mac-based [e] < port-list > [addr-limit <1-32>]
Specifies the maximum number of authenticated
MACs to allow on the port. (Default: 1)
Note: On switches where MAC Auth and 802.1X can
operate concurrently, this limit includes the total
number of clients authenticated through both methods.
Syntax: [no] aaa port-access mac-based [e] < port-list > [addr-moves]
Allows client moves between the specified ports under
MAC Auth control. When enabled, the switch allows
addresses to move without requiring a re-authentica-
tion. When disabled, the switch does not allow moves
and when one does occur, the user will be forced to re-
authenticate. At least two ports (from port(s) and to
port(s)) must be specified. Use the no form of the
command to disable MAC address moves between ports
under MAC Auth control. (Default: disabled – no moves
allowed)
Syntax: aaa port-access mac-based [e] < port-list > [auth-vid <vid>]
no aaa port-access mac-based [e] < port-list > [auth-vid]
Specifies the VLAN to use for an authorized client. The
Radius server can override the value (accept-response
includes a vid). If auth-vid is 0, no VLAN changes occur
unless the RADIUS server supplies one. Use the no form
of the command to set the auth-vid to 0.(Default: 0).
3-34
