
Network-access mode mac-authentication – LevelOne GTL-2691 User Manual

Page 935: Authentication


CHAPTER 29 | General Security Measures

Network Access (MAC Address Authentication)


COMMAND MODE

Interface Configuration

COMMAND USAGE

The maximum number of MAC addresses per port is 1024, and the maximum number of secure MAC addresses supported for the switch system is 1024. When the limit is reached, all new MAC addresses are treated as authentication failures.

EXAMPLE

Console(config-if)#network-access max-mac-count 5

Console(config-if)#

network-access mode mac-authentication

Use this command to enable network access authentication on a port. Use the no form of this command to disable network access authentication.

SYNTAX

[no] network-access mode mac-authentication

DEFAULT SETTING

Disabled

COMMAND MODE

Interface Configuration

COMMAND USAGE

When enabled on a port, the authentication process sends a Password Authentication Protocol (PAP) request to a configured RADIUS server. The user name and password are both equal to the MAC address being authenticated.

On the RADIUS server, PAP user names and passwords must be configured in the MAC address format XX-XX-XX-XX-XX-XX (all in upper case).

Authenticated MAC addresses are stored as dynamic entries in the switch secure MAC address table and are removed when the aging time expires. The maximum number of secure MAC addresses supported for the switch system is 1024.

Configured static MAC addresses are added to the secure address table when seen on a switch port. Static addresses are treated as authenticated without sending a request to a RADIUS server.

MAC authentication, 802.1X, and port security cannot be configured together on the same port. Only one security mechanism can be applied.

MAC authentication cannot be configured on trunk ports.
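
One way to prepare the RADIUS side for the PAP format and the 1024-address limit described above, as an added example that is not part of the manual: the script normalizes a MAC inventory to XX-XX-XX-XX-XX-XX (upper case) and emits one user entry per address. It assumes a FreeRADIUS-style users file; the function names and the sample inventory are constructed for illustration.

```python
import re

SYSTEM_SECURE_MAC_LIMIT = 1024  # switch-wide secure MAC limit from the manual
HEX2 = "[0-9A-Fa-f]{2}"
# Accepted input notations: aa:bb:.. / aa-bb-.. , aabb.ccdd.eeff , aabbccddeeff
PATTERNS = (rf"{HEX2}([:-]){HEX2}(?:\1{HEX2}){{4}}",
            r"[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2}",
            r"[0-9A-Fa-f]{12}")

def normalize_mac(raw):
    """Return raw as XX-XX-XX-XX-XX-XX in upper case, or raise ValueError."""
    s = raw.strip()
    if not any(re.fullmatch(p, s) for p in PATTERNS):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = re.sub(r"[^0-9A-Fa-f]", "", s).upper()
    if int(digits[:2], 16) & 1:  # I/G bit set: never a valid source address
        raise ValueError(f"group address, not a station: {raw!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_users_file(inventory):
    """Return (users_text, rejected, over_limit) for a list of raw MACs."""
    accepted, rejected = [], []
    for raw in inventory:
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if mac not in accepted:  # same device listed in two notations
            accepted.append(mac)
    # User name and password are both the MAC, matching the PAP request.
    lines = [f'{m} Cleartext-Password := "{m}"' for m in accepted]
    # Past the limit, the switch treats new MACs as authentication failures.
    over_limit = len(accepted) > SYSTEM_SECURE_MAC_LIMIT
    return "".join(line + "\n" for line in lines), rejected, over_limit

SAMPLE_INVENTORY = [  # constructed sample data
    "00:1a:2b:3c:4d:5e",
    "001A.2B3C.4D5F",
    "00-1A-2B-3C-4D-5E",  # duplicate of the first entry
    "001a2b3c4d60",
    "01:00:5e:00:00:fb",  # multicast, rejected
    "00:1a:2b:3c:4d",     # too short, rejected
]

if __name__ == "__main__":
    text, rejected, over_limit = build_users_file(SAMPLE_INVENTORY)
    print(text, end="")
    for reason in rejected:
        print("rejected:", reason)
```

Because a MAC address is visible on the wire and doubles as its own password here, review the rejected list and the generated entries before loading them, and treat the resulting allow-list as device identification, not as a secret.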