Configuring the Switch
3-94
3
Configuring the MAC Authentication Reauthentication Time
MAC address authentication is configured on a per-port basis, however there are
two configurable parameters that apply globally to all ports on the switch.
Command Attributes
• Authenticated Age – The secure MAC address table aging time. This parameter
setting is the same as switch MAC address table aging time and is only
configurable from the Address Table, Aging Time web page (see page 3-136).
(Default: 300 seconds)
• MAC Authentication Reauthentication Time – Sets the time period after which
a connected MAC address must be reauthenticated. When the reauthentication
time expires for a secure MAC address, it is reauthenticated with the RADIUS
server. During the reauthentication process traffic through the port remains
unaffected. (Default: 1800 seconds; Range: 120-1000000 seconds)
Web – Click Security, Network Access, Configuration.
Figure 3-61 Network Access Configuration
CLI – This example sets and displays the reauthentication time.
Configuring MAC Authentication for Ports
Configures MAC authentication on switch ports, including setting the maximum MAC
count, applying a MAC address filter, and enabling dynamic VLAN assignment.
Command Attributes
• Mode – Enables MAC authentication on a port. (Default: None)
Console(config)#mac-authentication reauth-time 3000 4-127
Console(config)#exit
Console#show network-access interface ethernet 1/1 4-128
Global secure port information
Reauthentication Time : 1800
--------------------------------------------------
--------------------------------------------------
Port : 1/1
MAC Authentication : Disabled
MAC Authentication Intrusion action : Block traffic
MAC Authentication Maximum MAC Counts : 1024
Maximum MAC Counts : 2048
Dynamic VLAN Assignment : Enabled
Guest VLAN : Disabled
Console#