Product guide

Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
MAC Authentication Option:
Syntax: aaa port-access mac-based < port-list >
This command configures MAC authentication on the switch and
activates this feature on the specified ports. For more on MAC
authentication, refer to chapter 4, “Web and MAC Authentication”.
Web Authentication Option:
Syntax: aaa port-access web-based < port-list >
This command configures Web authentication on the switch and
activates this feature on the specified ports. For more on Web
authentication, refer to chapter 4, “Web and MAC Authentication”.
Displaying the Current Dynamic Port ACL Activity on the Switch
These commands output data indicating the current ACL activity imposed
per-port by RADIUS server responses to client authentication.
For example, the following output shows that a RADIUS server has assigned
an ACL to port B1 to filter inbound traffic from an authenticated client
identified by a MAC address of 00-11-85-C6-54-7D.
Syntax: show access-list radius < port-list >
For the specified ports, this command lists the explicit ACEs, switch port, and client MAC
address for each ACL dynamically assigned by a RADIUS server as a response to client
authentication. If cnt (counter) is included in an ACE, then the output includes the current
number of inbound packet matches the switch has detected in the current session for that
ACE.
Note: If there are no ACLs currently assigned to any port in < port-list >, executing this
command returns only the system prompt. If a client authenticates but the server does not
return a dynamic port ACL to the client port, then the server does not have a valid ACL
configured and assigned to that client’s authentication credentials.