Installation manual
3-105
SIGNAMAX LLC • www.signamax.eu
CLI – This example sets and displays the reauthentication time.
Configuring MAC Authentication for Ports
Configures MAC authentication on switch ports, including setting the maximum MAC
count, applying a MAC address filter, and enabling dynamic VLAN assignment.
Command Attributes
• Mode – Enables MAC authentication on a port. (Default: None)
• Maximum MAC Count – Sets the maximum number of MAC addresses that can be
authenticated on a port. The maximum number of MAC addresses per port is 2048, and
the maximum number of secure MAC addresses supported for the switch system is
1024. When the limit is reached, all new MAC addresses are treated as authentication
failed. (Default: 2048; Range: 1 to 2048)
• Guest VLAN – Specifies the VLAN to be assigned to the port when MAC Authentication
or 802.1X Port Authentication fails. The VLAN must already be created and active.
(Default: Disabled; Range: 1 to 4094)
The VLAN must already be created and active (see “Creating VLANs” on page 3-184).
Also, when used with 802.1X authentication, intrusion action must be set for “Guest
VLAN” (see “Configuring Port Settings for 802.1X” on page 3-90).
• Dynamic VLAN – Enables dynamic VLAN assignment for an authenticated port. When
enabled, any VLAN identifiers returned by the RADIUS server are applied to the port,
providing the VLANs have already been created on the switch. (GVRP is not used to
create the VLANs.) (Default: Enabled)
The VLAN settings specified by the first authenticated MAC address are implemented
for a port. Other authenticated MAC addresses on the port must have the same VLAN
configuration, or they are treated as authentication failures.
If dynamic VLAN assignment is enabled on a port and the RADIUS server returns no
VLAN configuration, the authentication is still treated as a success, and the host
assigned to the default untagged VLAN.
When the dynamic VLAN assignment status is changed on a port, all authenticated
addresses are cleared from the secure MAC address table.
Console(config)#mac-authentication reauth-time 3000 4-152
Console(config)#exit
Console#show network-access interface ethernet 1/1 4-154
Global secure port information
Reauthentication Time : 3000
--------------------------------------------------
--------------------------------------------------
Port : 1/1
MAC Authentication : Disabled
MAC Authentication Intrusion action : Block traffic
MAC Authentication Maximum MAC Counts : 1024
Maximum MAC Counts : 2048
Dynamic VLAN Assignment : Enabled
Guest VLAN : Disabled
Console#