Enterasys Networks 1G58x-09 ユーザーズマニュアル
Security Configuration Command Set
Configuring MAC Authentication
14-30
Examples
This example shows how to enable EAPOL:
This example shows how to enable EAPOL with forced unauthorized mode on Fast Ethernet front
panel port 1:
panel port 1:
14.3.3 Configuring MAC Authentication
Purpose
To review, disable, enable and configure MAC authentication. This allows the device to
authenticate source MAC addresses in an exchange with an authentication server. The authenticator
(switch) selects a source MAC seen on a MAC-authentication enabled port and submits it to a
backend client for authentication. The backend client uses the MAC address stored password, if
required, as credentials for an authentication attempt. If accepted, a string representing an access
policy may be returned. If present, the switch applies the associated policy rules. For an overview
on working with MAC authentication, refer to
authenticate source MAC addresses in an exchange with an authentication server. The authenticator
(switch) selects a source MAC seen on a MAC-authentication enabled port and submits it to a
backend client for authentication. The backend client uses the MAC address stored password, if
required, as credentials for an authentication attempt. If accepted, a string representing an access
policy may be returned. If present, the switch applies the associated policy rules. For an overview
on working with MAC authentication, refer to
Commands
The commands needed to review, enable, disable, and configure MAC authentication are listed
below and described in the associated section as shown:
below and described in the associated section as shown:
•
show macauthentication (
•
show macauthentication session (
)
•
set macauthentication (
)
Matrix>set eapol enable
Matrix>set eapol auth-mode forced-unauthorized fe.0.1
NOTES: When both 802.1X (EAPOL) and MAC authentication are enabled on the
same Matrix E1 device, the switch enforces a precedence relationship between MAC
authentication and 802.1X methods. For more information on these precedence rules,
refer to
same Matrix E1 device, the switch enforces a precedence relationship between MAC
authentication and 802.1X methods. For more information on these precedence rules,
refer to
The Matrix E1 MAC authentication commands have no direct interdependencies with
the MAC locking commands described in
the MAC locking commands described in
. When a frame arrives at a
port, the Matrix E1 device runs the MAC locking algorithm first. If the frame passes the
MAC lock (i.e., it is not in violation), then the frame is eligible for authentication.
MAC lock (i.e., it is not in violation), then the frame is eligible for authentication.