Specifications
Security Options 91
Chapter 5
aaa captive-portal default-role "employee"
aaa captive-portal guest-logon
aaa captive-portal user-logon
aaa captive-portal logout-popup-window
no aaa captive-portal protocol-http
aaa captive-portal redirect-pause 10
aaa captive-portal logon-wait range 5 10
aaa captive-portal logon-wait cpu-utilization 60
aaa captive-portal max-authentication-failures 0
aaa captive-portal auth-server Internal
MAC Address Role Mapping
MAC Address “Role Mapping” provides identification of clients based on MAC
address and subsequent mapping to a role. This feature should not be
considered “authentication”, since no secure password is used. Additionally,
MAC addresses are not a secure form of identification, since they can easily
be modified by client devices. This feature should always be combined with
L2 encryption and appropriately restrictive firewall policies. To configure MAC
address role mapping, navigate to
Configuration > Security > Authentication
Methods > MAC Address,
as shown in the figure below.
FIGURE 5-22 MAC Address Role Mapping
Available configuration parameters are:
Authentication Enabled – Enables or disables MAC address role mapping.