Alcatel-Lucent 6850-48 参照ガイド
AAA Commands
page 58-28
OmniSwitch CLI Reference Guide
September 2009
aaa authentication mac
Enables/Disables the switch for MAC authentication. This type of authentication is available in addition to
802.1x authentication and is designed to handle devices that do not support an 802.1x authentication
method (non-supplicants).
802.1x authentication and is designed to handle devices that do not support an 802.1x authentication
method (non-supplicants).
aaa authentication MAC server1 [server2] [server3] [server4]
no aaa authentication MAC
Syntax Definitions
server1
The name of the RADIUS authentication server used for MAC authenti-
cation. (Note that only RADIUS servers are supported for MAC authen-
tication.) At least one server is required. RADIUS server names are set
up through the
cation. (Note that only RADIUS servers are supported for MAC authen-
tication.) At least one server is required. RADIUS server names are set
up through the
command.
server2...server4
The names of backup servers used for MAC authentication. Up to 3
backups may be specified; include a space between each server name.
These backups are only used if server1 becomes unavailable. They are
polled in the order they are listed in this command. The first available
server becomes the authentication server.
backups may be specified; include a space between each server name.
These backups are only used if server1 becomes unavailable. They are
polled in the order they are listed in this command. The first available
server becomes the authentication server.
Defaults
N/A
Platforms Supported
OmniSwitch 6400, 6850, 6855, 9000, 9000E
Usage Guidelines
• Up to 4 RADIUS servers (total) may be specified. At least one server is required. Each server name
should be separated by a space.
• Use the no form of this command to disable MAC authentication for the switch.
• The switch uses only the first available server in the list to check for user information. For example, if
server1 is not available, the switch will poll server2. If user information is not found on the first avail-
able server, the authentication request will fail.
able server, the authentication request will fail.
command.
• MAC authentication verifies the source MAC address of a non-supplicant device via a remote
RADIUS server. Similar to 802.1x authentication, this method sends RADIUS frames to the server
with the MAC address embedded in the username and password attributes.
with the MAC address embedded in the username and password attributes.
• Note that the same RADIUS servers can be used for 802.1x (supplicant) and MAC (non-supplicant)
authentication. Using different servers for each type of authentication is allowed but not required.
• Use the
command to enable or disable ports for 802.1X. Use the
command to configure a MAC authentication policy for a dedicated
802.1X port.