
Mac-auth – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003098-01


rfs7000-37FABE(config-profile-default-rfs7000)#

Related Commands:

mac-auth

Profile Config Commands

Enables or disables authentication of a client’s MAC address on wired ports. When configured,
MAC authentication will be enabled on devices using this profile.

To enable MAC address authentication on a device, enter the device’s configuration mode and
execute the mac-auth command.

When enabled, the source MAC address of a device connected to the specified wired port is
authenticated with the RADIUS server. Once authenticated, the device is permitted access to the
managed network and packets from the authenticated source are processed. If not authenticated,
the device is either denied access or provided guest access through the guest VLAN (provided
guest VLAN access is configured on the port).

Enabling MAC authentication requires you to first configure a AAA policy specifying the RADIUS
server. Configure the client’s MAC address on the specified RADIUS server. Attach this AAA policy to
a profile or a device. Finally, enable MAC authentication on the desired wired port of the device or
device-profile.

Only one MAC address is supported for every wired port. Consequently, when one source MAC
address is authenticated, packets from all other sources are dropped.
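
The per-port behaviour described above can be modelled as follows. This is an added example, not code from the Brocade guide: WiredPort, handle_frame and the in-memory set standing in for the RADIUS server are hypothetical, the MAC addresses are constructed, and the model assumes the accepted MAC is never cleared, since the page does not say what resets it.

```python
# Added illustration; WiredPort and handle_frame are hypothetical names.
import re


def normalize_mac(mac):
    """Reduce colon, hyphen or dot MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class WiredPort:
    """One wired port with MAC authentication enabled."""

    def __init__(self, radius_macs, guest_vlan=None):
        # Stand-in for the RADIUS server: the set of MACs it would accept.
        self.radius_macs = {normalize_mac(m) for m in radius_macs}
        self.guest_vlan = guest_vlan   # None = no guest VLAN on this port
        self.authenticated = None      # the single MAC accepted so far

    def handle_frame(self, src_mac):
        src = normalize_mac(src_mac)
        if self.authenticated is not None:
            # One MAC per port: any other source is dropped, even one
            # that RADIUS would have accepted.
            return "forward" if src == self.authenticated else "drop"
        if src in self.radius_macs:
            self.authenticated = src
            return "forward"
        if self.guest_vlan is not None:
            return f"guest-vlan {self.guest_vlan}"
        return "deny"


def demo():
    radius = ["00-11-22-33-44-55", "66-77-88-99-AA-BB"]  # constructed entries
    port = WiredPort(radius)
    frames = ["de:ad:be:ef:00:01",   # unknown to RADIUS
              "00:11:22:33:44:55",   # known: becomes the port's MAC
              "0011.2233.4455",      # same MAC, different notation
              "66:77:88:99:aa:bb"]   # known, but the port is already taken
    return [port.handle_frame(f) for f in frames]


if __name__ == "__main__":
    print(demo())
```

The last frame shows the operational consequence of the one-MAC limit: a second device with a valid RADIUS entry is still dropped when it shares a port with an already authenticated device.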

To enable client MAC authentication on a wired port:

1. Configure the user on the RADIUS server. The following examples create a RADIUS server user
entry.

a. (config)#radius-group

(config-radius-group-)#policy vlan

b. (config)#radius-user-pool-policy

(config-radius-user-pool-)#user password group

Note: The and should be the client’s MAC
address. This address will be matched against the MAC address of incoming
traffic at the specified wired port.

c. (config)#radius-server-policy

(config-radius-server-policy-)#use radius-user-pool-policy

2. Configure a AAA policy exclusively for wired MAC authentication and specify the authentication
(RADIUS) server settings. The following example creates a AAA policy ‘macauth’ and enters its
configuration mode:

(config)#aaa-policy macauth

(config-aaa-policy-macauth)#...

Specify the RADIUS server details.

no

Disables or reverts settings to their default