User's Manual

Table Of Contents
Advanced Configuration
5-15
5
CLI Commands for Local MAC Authentication – Use the mac-authentication
server command from the global configuration mode to enable local MAC
authentication. Use the mac-authentication session-timeout command to set the
authentication interval. Set the default action for MAC addresses not in the local
table using the address filter default command, then enter MAC addresses in the
local table using the address filter entry command. To remove an entry from the
table, use the address filter delete command. To display the current settings, use
the show authentication command from the Exec mode.
Enterprise AP(config)#mac-authentication server local 6-72
Enterprise AP(config)#mac-authentication session-timeout 5 6-72
Enterprise AP(config)#address filter default denied 6-70
Enterprise AP(config)#address filter entry
00-70-50-cc-99-1a denied
6-71
Enterprise AP(config)#address filter entry
00-70-50-cc-99-1b allowed
Enterprise AP(config)#address filter entry
00-70-50-cc-99-1c allowed
Enterprise AP(config)#address filter delete
00-70-50-cc-99-1c
6-71
Enterprise AP(config)#exit
Enterprise AP#show authentication
6-68
Authentication Information
===========================================================
MAC Authentication Server : LOCAL
MAC Auth Session Timeout Value : 0 min
802.1x supplicant : DISABLED
802.1x supplicant user : EMPTY
802.1x supplicant password : EMPTY
Address Filtering : DENIED
System Default : ALLOW addresses not found in filter table.
Filter Table
MAC Address Status
----------------- ----------
00-70-50-cc-99-1a DENIED
00-70-50-cc-99-1b ALLOWED
=========================================================
Enterprise AP#