beautypg.com

2 aaa-accounting enable, 3 dot1x accept-mac – Accton Technology ES4710BD User Manual

Page 514

background image

513

E

ES4710BD 10 Slots L2/L3/L4 Chassis Switch

Usage Guide: The AAA authentication for the switch must be enabled first to enable IEEE 802.1x

authentication for the switch.

Example: Enabling AAA function for the switch.
Switch(Config)#aaa enable

20.2.2.2 aaa-accounting

enable

Command: aaa-accounting enable

no aaa-accounting enable

Function: Enables the AAA accounting function in the switch: the "no aaa-accounting enable"

command disables the AAA accounting function.

Command mode: Global Mode
Default: AAA accounting is not enabled by default.
Usage Guide: When accounting is enabled in the switch, accounting will be performed according to

the traffic or online time for port the authenticated user is using. The switch will send
an “accounting started” message to the RADIUS accounting server on starting the
accounting, and an accounting packet for the online user to the RADIUS accounting
server every five seconds, and an “accounting stopped” message is sent to the
RADIUS accounting server on accounting end. Note: The switch send the “user
offline” message to the RADIUS accounting server only when accounting is enabled,
the “user offline” message will not be sent to the RADIUS authentication server.

Example: Enabling AAA accounting for the switch.
Switch(Config)#aaa-accounting enable

20.2.2.3 dot1x

accept-mac

Command: dot1x accept-mac <mac-address> [interface <interface-name>]

no dot1x accept-mac <mac-address> [interface <interface-name>]

Function: Adds a MAC address entry to the dot1x address filter table. If a port is specified, the

entry added applies to the specified port only. If no port is specified, the entry added
applies to all the ports. The “no dot1x accept-mac <mac-address> [interface
<interface-name>]” command deletes the entry from dot1x address filter table.

Parameters: <mac-address> stands for MAC address; <interface-name> for interface name and

port number.

Command mode: Global Mode
Default: N/A.
Usage Guide: The dot1x address filter function is implemented according to the MAC address filter

table, dot1x address filter table is manually added or deleted by the user. When a port
is specified in adding a dot1x address filter table entry, that entry applies to the port
only; when no port is specified, the entry applies to all ports in the switch. When
dot1x address filter function is enabled, the switch will filter the authentication user
by the MAC address. Only the authentication request initialed by the users in the
dot1x address filter table will be accepted, the rest will be rejected.

Example: Adding MAC address 00-01-34-34-2e-0a to the filter table of Ethernet 1/5.
Switch(Config)#dot1x accept-mac 00-01-34-34-2e-0a interface ethernet 1/5

See also other documents in the category Accton Technology Computer Accessories: