Specifications
authentication ip access-group
355
authentication ip access-group
Applies the IPv4 access list specified by using this command to IP packets received from
unauthenticated terminals, and relays only the matched (permitted) packets to other ports.
IP packets that match (permitted) the IPv4 access list specified by using this command are
not subject to URL redirection.
This command can be used in the following authentication modes:
IEEE 802.1X: Port-based authentication (static), port-based authentication
(dynamic)
Web authentication: Fixed VLAN mode, dynamic VLAN mode
MAC-based authentication: Fixed VLAN mode or dynamic VLAN mode
Syntax
To set information:
authentication ip access-group <ACL ID>
To delete information:
no authentication ip access-group
Input mode
(config-if)
Parameters
<ACL ID>
Specifies the identifier of the IPv4 packet filter to be used to restrict output of packets
to ports that are not subject to authentication. This parameter can specify one IPv4
packet filter identifier for a Switch.
1. Default value when this parameter is omitted:
This parameter cannot be omitted.
2. Range of values:
Specify an access list name that is 3 to 31 characters. For details about the
characters that can be specified, see Specifiable values for parameters.
Default behavior
IPv4 packets received from unauthenticated terminals are not relayed.
Impact on communication
None
When the change is applied
The change is applied immediately after setting values are changed.
Notes
1. One access list name can be set for a Switch by using this command.
2. When setting this command, you must set one of the following commands for the
applicable port in advance:
dot1x port-control
web-authentication port