Command Line Interface
4-94
4
Network Access
The Network Access feature controls host access to the network by authenticating
its MAC address on the connected switch port. Traffic received from a specific MAC
address is forwarded by the switch only if the source MAC address is successfully
authenticated by a central RADIUS server. While authentication for a MAC address
is in progress, all traffic is blocked until authentication is completed. On successful
authentication, the RADIUS server may optionally assign VLAN settings for the
switch port.
network-access mode
Use this command to enable network access authentication on a port interface. Use
the no form of this command to disable authentication.
Syntax
[no] network-access mode mac-authentication
Default Setting
Disabled
Command Mode
Interface Configuration
Table 4-33 Network Access
Command Function Mode Page
network-access mode Enables MAC authentication on an interface IC 4-94
network-access
max-mac-count
Sets a maximum for authenticated MAC addresses on an
interface
IC 4-95
network-access mac-filter Configures a MAC address filter GC 4-96
network-access
port-mac-filter
Binds a MAC address filter to an interface IC 4-97
network-access
dynamic-vlan
Enables dynamic VLAN assignment from a RADIUS
server
IC 4-97
mac-authentication
reauth-time
Sets the time period after which a connected MAC
address must be re-authenticated
GC 4-98
clear network-access Clears authenticated MAC addresses from the address
table
PE 4-99
show network-access Displays the MAC authentication settings for port
interfaces
PE 4-99
show network-access
mac-filter
Displays the configuration of MAC authentication filters PE 4-100
show network-access
mac-address-table
Displays information for entries in the secure MAC
address table
PE 4-100