Manualshelf

Owner's Manual

ManualsBrandsNetgear ManualsHubsNetgear XCM8806
421422423424425426427428429430
422 | Chapter 16. Network Login
NETGEAR 8800 User Manual
will be used to authenticate the client. All entries in the list are automatically sorted in longest
prefix order. All passwords are stored and showed encrypted.
You can associate a MAC address with one or more ports. By learning a MAC address, the
port confirms the supplicant before sending an authorization request to the RADIUS server.
This additional step protects your network against unauthorized supplicants because the port
accepts only authorization requests from the MAC address learned on that port. The port
blocks all other requests that do not have a matching entry.
This section describes the following topics:
Enabling and Disabling MAC-Based Network Login on page 422
Associating a MAC Address to a Specific Port on page 422
Adding and Deleting MAC Addresses on page 423
Displaying the MAC Address List on page 423
Configuring Reauthentication Period on page 424
Secure MAC Configuration Example on page 424
MAC-Based Network Login Configuration Example on page 425
Enabling and Disabling MAC-Based Network Login
To enable MAC-based network login on the switch, use the following command:
enable netlogin mac
Any combination of types of authentication can be enabled on the same switch. At least one
of the authentication types must be specified on the CLI.
To disable MAC-based network login on the switch, use the following command:
disable netlogin mac
To enable MAC-based network login on one or more ports, use the following command:
enable netlogin ports <portlist> mac
Network Login must be disabled on a port before you can delete a VLAN that contains that
port. To disable MAC-based network login on one or more ports, use the following command:
disable netlogin ports <portlist> mac
Associating a MAC Address to a Specific Port
You can configure the switch to accept and authenticate a client with a specific MAC address.
Only MAC addresses that have a match for the specific ports are sent for authentication. For
example, if you associate a MAC address with one or more ports, only authentication
requests for that MAC address received on the port(s) are sent to the configured RADIUS
server or local database. The port(s) block all other authentication requests that do not have
a matching entry. This is also known as secure MAC.