11.1.1 Command list
The following tables list the commands used to configure MAC-based authentication.
Command name |
Description |
---|---|
aaa accounting mac-authentication default start-stop group radius |
Enables RADIUS accounting for MAC-based authentication. |
aaa authentication mac-authentication default group radius |
Specifies RADIUS as the authentication method for MAC-based authentication. |
mac-authentication auth-interval-timer |
Specifies the time that the switch waits before processing another authentication request from a MAC address that failed authentication. |
mac-authentication auto-logout |
Disables the functionality that clears the authentication status of a terminal when there has been no access from its MAC address for a length of time. |
mac-authentication dot1q-vlan force-authorized |
Exempts tagged frames from authentication when switchport mac dot1q vlan is configured for the MAC port. |
mac-authentication dynamic-vlan max-user |
Specifies the maximum number of MAC addresses that can be authenticated in dynamic VLAN mode. |
mac-authentication id-format |
Sets MAC addressing format for requesting authentication from RADIUS servers when RADIUS authentication method is used. |
mac-authentication logging enable |
Sends MAC-based authentication operation log messages to syslog servers or email addresses (using E-Mail). |
mac-authentication login-failed-logging disable |
Suppresses outputting the authentication log when authentication fails with MAC authentication. |
mac-authentication max-timer |
Specifies the maximum connection time for MAC-based authentication users. |
mac-authentication password |
Specifies the password used when submitting requests to the RADIUS server. |
mac-authentication port |
Configures a port to perform MAC-based authentication. |
mac-authentication radius-server host |
Specifies the IP address and other information about the RADIUS server used in the MAC-based authentication process. |
mac-authentication static-vlan max-user |
Specifies the maximum number of authenticated MAC addresses permitted in fixed VLAN mode. |
mac-authentication system-auth-control |
Starts the MAC-based authentication daemon. |
mac-authentication vlan-check |
Specifies that MAC-based authentication use the VLAN ID in addition to the MAC address as credentials. |
The following tables list the operation commands for MAC-based authentication.
Command name |
Description |
---|---|
show mac-authentication login |
Shows the MAC addresses currently authenticated by MAC-based authentication. |
show mac-authentication logging |
Shows the operating log information for MAC-based authentication. |
show mac-authentication |
Shows the configuration for MAC-based authentication. |
show mac-authentication statistics |
Shows statistics. |
clear mac-authentication auth-state mac-address |
Forcibly clears the authentication status of authenticated terminals. |
clear mac-authentication logging |
Clears the operating log information for MAC-based authentication. |
clear mac-authentication statistics |
Clears the statistics. |
set mac-authentication mac-address |
Registers a MAC address in the internal MAC-based authentication DB. |
remove mac-authentication |
Deletes a MAC address from the internal MAC-based authentication DB. |
commit mac-authentication |
Commits the internal MAC-based authentication DB to flash memory. |
show mac-authentication mac-address |
Shows the contents of the internal MAC-based authentication DB. |
store mac-authentication |
Backs up the internal MAC-based authentication DB. |
load mac-authentication |
Restores the internal MAC-based authentication DB from a backup file. |
clear mac-authentication dead-interval-timer |
Directs the switch to return to accessing the first RADIUS server, having moved on to another RADIUS server as a result of the dead interval functionality. |
restart mac-authentication |
Restarts the MAC-based authentication program. |
dump protocols mac-authentication |
Creates a dump file of information related to MAC-based authentication. |