4-49
Web and MAC Authentication
Configuring MAC Authentication on the Switch
Configuration Commands for MAC Authentication
Configuring the Global MAC Authentication Password
MAC authentication only requires that an entry is placed in the user database
with the device’s MAC address as both the username and the password,
creating the opportunity for malicious device spoofing using the readily
available MAC address. To make spoofing more difficult, the global password
option allows a network administrator to configure a common MAC authen-
tication password that is used for all MAC authentications sent to the RADIUS
server.
When implementing the global MAC authentication password option, it is
important that the user database on the RADIUS server has the MAC authen-
tication password as the password for each device performing MAC authen-
tication.
Use this command to configure the global MAC authentication password.
Command Page
Configuration Level
aaa port-access mac-based addr-format 4-49
[no] aaa port-access mac-based password <password-value> below
[no] aaa port-access mac-based [e] < port-list >4-51
[addr-limit] 4-52
[addr-moves] 4-52
[auth-vid] 4-52
[logoff-period] 4-52
[max-requests] 4-52
[quiet-period] 4-53
[reauth-period] 4-53
[reauthenticate] 4-53
[server-timeout] 4-53
[unauth-vid] 4-53
Syntax: [no] aaa port-access mac-based password <password-value>
Specifies the global password to be used by all MAC
authenticating devices.
The no form of the command disables the feature.
To Next Page
Loading...
Need help?
General