Specifications
web-authentication force-authorized vlan
3. Set a VLAN ID for which mac-based (MAC VLAN) has been set in the vlan command.
4. Be especially careful when using this functionality, as it can pose a security problem.
5. This command is enabled when the following condition exists:
   All the following configurations have been set:
   - radius-server host or web-authentication radius-server host
   - web-authentication system-auth-control
   - web-authentication port #1, #4
   - web-authentication vlan #2, #3
   - vlan <VLAN ID> mac-based #3
   - web-authentication force-authorized vlan #3, #4
   - switchport mac vlan #2, #3, #4
   - switchport mode mac-vlan #4
   - aaa authentication web-authentication #5
   - web-authentication authentication #6

   #1 Set this configuration when using dynamic VLAN mode.
   #2 Set this command when using legacy mode.
   #3 Set the same VLAN ID for commands marked #3.
   #4 Specify the same Ethernet port.

   - The following accounting log data is collected when an authentication request is sent to the RADIUS server:
     No=21:
     NOTICE:LOGIN:(additional information) Login failed ; Failed to connection to RADIUS server.
     additional-information:MAC, USER, IP, PORT or CHGR, VLAN
     Check the account log with the show web-authentication logging operation command.

   #5 When forced authentication is used as the Switch default, set only default group radius.
   #6 Set aaa authentication web-authentication <List name> for forced authentication that uses the port-based authentication method.
6. The authorized forced authentication state is canceled if the applicable user logs out.
7. When private traps are issued, use the snmp-server host command to set the destination IP address for traps and web-authentication.
8. If either of the following commands has already been set, this command cannot be set:
   - authentication force-authorized enable
   - authentication force-authorized vlan
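
The VLAN and port consistency rules in note 5 (#3 and #4) can be checked offline against a saved configuration. The Python below is an added example, not part of this manual: the function names are hypothetical, the sample configuration is constructed, and it assumes per-port commands are indented under an interface line and that each VLAN argument is a single numeric ID. The legacy-mode commands marked #2 are compared only when they are present.

```python
import re

# Constructed sample config. Assumptions: per-port commands are indented under
# "interface <port>", and each VLAN argument is a single numeric ID.
SAMPLE = """\
vlan 100 mac-based
web-authentication vlan 100
interface gigabitethernet 0/1
  switchport mode mac-vlan
  switchport mac vlan 100
  web-authentication force-authorized vlan 100
interface gigabitethernet 0/2
  switchport mac vlan 100
  web-authentication force-authorized vlan 200
"""

def vlan_ids(cmds, pattern):
    """VLAN IDs captured by `pattern` over a list of command lines."""
    return [m[1] for c in cmds if (m := re.fullmatch(pattern, c))]

def audit_forced_auth(config):
    """Map each port that sets forced authentication to its list of findings."""
    global_cmds, ports, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            ports[current] = []
        elif raw[:1].isspace() and current:
            ports[current].append(line)
        elif line:
            current = None
            global_cmds.append(line)
    mac_vlans = vlan_ids(global_cmds, r"vlan (\d+) mac-based")
    web_vlans = vlan_ids(global_cmds, r"web-authentication vlan (\d+)")
    report = {}
    for port, cmds in ports.items():
        for vid in vlan_ids(cmds, r"web-authentication force-authorized vlan (\d+)"):
            found = report.setdefault(port, [])
            if vid not in mac_vlans:
                found.append(f"VLAN {vid} is not set as mac-based (#3)")
            if web_vlans and vid not in web_vlans:
                found.append(f"VLAN {vid} differs from web-authentication vlan (#3)")
            port_vlans = vlan_ids(cmds, r"switchport mac vlan (\d+)")
            if port_vlans and vid not in port_vlans:
                found.append(f"VLAN {vid} differs from switchport mac vlan (#3)")
            if "switchport mode mac-vlan" not in cmds:
                found.append("switchport mode mac-vlan is not set on this port (#4)")
    return report
```

Every port that appears in the returned mapping has forced authentication configured, so the key list doubles as an inventory of ports to review under note 4.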