10.4.1 Preparing the Embedded MAC Authentication DB

(1) Creating an Embedded MAC Authentication DB

You can use the set mac-authentication mac-address operation command to register a MAC address and VLAN ID in the internal MAC-based authentication DB. If required, you can later use the remove mac-authentication mac-address operation command to delete a MAC address you registered.

Additions or changes to the database do not take effect until you execute the commit mac-authentication operation command.

Note that additions or changes committed to the internal MAC-based authentication DB by the commit mac-authentication operation command do not apply to authentication sessions that are already in progress. They will apply the next time the terminal is authenticated.

Notes

When using an internal MAC-based authentication DB in dynamic VLAN mode, keep the following in mind when you register information in the database:

• When you register a MAC address, you must also specify a VLAN ID. If you fail to do so, authentication attempts by that MAC address will end in an error.

• If the same MAC address is associated with more than one VLAN ID in the database, the VLAN ID with the smallest numerical value serves as the post-authentication VLAN for that MAC address.

• Do not specify 1 as the VLAN ID for a MAC address. VLAN ID 1 cannot be assigned to a MAC VLAN, and attempts to authenticate the MAC address will end in an error.

(2) Backing Up the Embedded MAC Authorization DB

You can use the store mac-authentication operation command to back up the internal MAC-based authentication DB you created for use in local authentication.

(3) Restoring the Embedded MAC Authorization DB

You can use the load mac-authentication operation command to restore the internal MAC-based authentication DB from a backup file you created. Keep in mind that any recent additions or changes you made using the set mac-authentication mac-address operation command will be lost and replaced with the contents of the backup file.