11.1.2 Configuration of Fixed VLAN
- <Structure of this section>
(1) Basic settings for the local authentication method
The following figure shows the basic configuration required to use local authentication in fixed VLAN mode.
|
(a) Configuring Authentication Ports
- Points to note
-
Configure the port to be used for MAC-based authentication.
Command examples
-
(config)# interface gigabitethernet 1/0/3
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
(config-if)# mac-authentication port
(config-if)# exit
Configures MAC-based authentication at a port where a terminal will be authenticated.
(b) Configuring MAC Authorization
- Points to note
-
Enable MAC-based authentication by using configuration commands.
Command examples
-
(config)# mac-authentication system-auth-control
Starts MAC-based authentication.
(2) Basic settings for RADIUS authentication method
The following figure shows the basic configuration required to use RADIUS authentication in fixed VLAN mode.
|
(a) Configuring Authentication Ports
- Points to note
-
Configure the port to be used for MAC-based authentication.
Command examples
-
(config)# interface gigabitethernet 1/0/3
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
(config-if)# mac-authentication port
(config-if)# exit
Configures MAC-based authentication at a port where a terminal will be authenticated.
(b) Configuring MAC Authorization
- Points to note
-
Enable MAC-based authentication by using configuration commands.
Command examples
-
(config)# aaa authentication mac-authentication default group radius
(config)# mac-authentication radius-server host 192.168.10.200 key "macauth"
Specifies the IP address and RADIUS key used to access the RADIUS server to perform authentication.
-
(config)# mac-authentication system-auth-control
Starts MAC-based authentication.