Installation manual

ManualsBrandsSignaMax ManualsComputer equipmentF0-065-1200 Series

471

472

473

474

475

476

477

478

479

480

4-150

SIGNAMAX LLC • www.signamax.eu

Command Usage

• When enabled on a port, the authentication process sends a Password

Authentication Protocol (PAP) request to a configured RADIUS server. The

username and password are both equal to the MAC address being authenticated.

• On the RADIUS server, PAP username and passwords must be configured in the

MAC address format XX-XX-XX-XX-XX-XX (all in upper case).

• Authenticated MAC addresses are stored as dynamic entries in the switch secure

MAC address table and are removed when the aging time expires. The maximum

number of secure MAC addresses supported for the switch system is 1024.

• Configured static MAC addresses are added to the secure address table when

seen on a switch port. Static addresses are treated as authenticated without

sending a request to a RADIUS server.

• MAC authentication, 802.1X, and port security cannot be configured together on

the same port. Only one security mechanism can be applied.

• MAC authentication cannot be configured on trunk ports.

• When port status changes to down, all MAC addresses are cleared from the secure

MAC address table. Static VLAN assignments are not restored.

• The RADIUS server may optionally return a VLAN identifier list. VLAN identifier list

is carried in the “Tunnel-Private-Group-ID” attribute. The VLAN list can contain

multiple VLAN identifiers in the format “1u,2t,” where “u” indicates untagged VLAN

and “t” tagged VLAN. The “Tunnel-Type” attribute should be set to “VLAN,” and the

“Tunnel-Medium-Type” attribute set to “802.”

Example

network-access max-mac-count

Use this command to set the maximum number of MAC addresses that can be

authenticated on a port interface via all forms of authentication. Use the no form of this

command to restore the default.

Syntax

network-access max-mac-count count

no network-access max-mac-count

count - The maximum number of authenticated MAC addresses allowed.

(Range: 1 to 2048; 0 for unlimited)

Default Setting

2048

Command Mode

Interface Configuration

Console(config-if)#network-access mode mac-authentication

Console(config-if)#