11.1.3 Dynamic VLAN mode configuration
- <Structure of this section>
(1) Basic settings for the local authentication method
The following figure shows the basic configuration required to use local authentication in dynamic VLAN mode.
|
|
![[Figure Data]](./GRAPHICS/ZU208570.GIF)
(a) Configuring Authentication Ports
- Points to note
-
Configure the port to be used for MAC-based authentication.
Command examples
-
(config)# interface range gigabitethernet 1/0/3-4
(config-if-range)# switchport mode mac-vlan
(config-if-range)# switchport mac native vlan 10
(config-if-range)# mac-authentication port
(config-if-range)# exit
Configures MAC-based authentication at a port where a terminal will be authenticated.
(b) Configuring MAC Authorization
- Points to note
-
Enable MAC-based authentication by using configuration commands.
Command examples
-
(config)# mac-authentication system-auth-control
Starts MAC-based authentication.
(2) Basic settings for RADIUS authentication method
The following figure shows the basic configuration required to use RADIUS authentication in dynamic VLAN mode.
|
|
![[Figure Data]](./GRAPHICS/ZU208580.GIF)
(a) Configuring Authentication Ports
- Points to note
-
Configure the port to be used for MAC-based authentication.
Command examples
-
(config)# interface range gigabitethernet 1/0/3-4
(config-if-range)# switchport mode mac-vlan
(config-if-range)# switchport mac native vlan 10
(config-if-range)# mac-authentication port
(config-if-range)# exit
Configures MAC-based authentication at a port where a terminal will be authenticated.
(b) Configuring MAC Authorization
- Points to note
-
Enable MAC-based authentication by using configuration commands.
Command examples
-
(config)# aaa authentication mac-authentication default group radius
(config)# mac-authentication radius-server host 192.168.10.200 key "macauth"
Specifies the IP address and RADIUS key used to access the RADIUS server to perform authentication.
-
(config)# mac-authentication system-auth-control
Starts MAC-based authentication.