Specifications
mac-authentication force-authorized vlan
3. Set a VLAN ID for which mac-based (MAC VLAN) has been set in the vlan command.
4. Be especially careful when using this functionality, as it can pose a security problem.
5. This command is enabled when the following condition exists:
   - All the following configurations have been set:
     - radius-server host or mac-authentication radius-server host
     - mac-authentication system-auth-control
     - mac-authentication port #1, #4
     - mac-authentication interface #2
     - mac-authentication vlan #2, #3
     - vlan <VLAN ID list> mac-based #3
     - mac-authentication force-authorized vlan #3, #4
     - switchport mac vlan #2, #3, #4
     - switchport mode mac-vlan #4
     - aaa authentication mac-authentication #5
     - mac-authentication authentication #6
     #1 Set this command when using dynamic VLAN mode.
     #2 Set this command when using legacy mode.
     #3 Set the same VLAN ID for commands marked #3.
     #4 Specify the same Ethernet port.
     #5 When forced authentication is used as the Switch default, set only default group radius.
     #6 When forced authentication is used for the port-based authentication method, set aaa authentication mac-authentication <List name>.
   - The following accounting log data is collected when an authentication request is sent to the RADIUS server:
     No=21: NOTICE: LOGIN:(<Additional information>) Login failed ; Failed to connection to RADIUS server.
     <Additional information>: MAC, PORT, VLAN
     The accounting log data can be confirmed by using the show mac-authentication logging operation command.
6. The forced authentication authorization state is canceled if authentication for the applicable terminal is canceled.
7. Before issuing private traps, you must use the snmp-server host command to set the destination IP address for traps and mac-authentication.
8. If either of the following commands has already been set, this command cannot be set: