Configuring MAC authentication port parameters

Note:

MAC authentication is only supported on 7210 SAS-Dxp.

The 7210 SAS supports a fallback MAC authentication mechanism for client devices (for example, PCs and cameras) on an Ethernet network that do not support 802.1x EAP.

MAC authentication provides protection against unauthorized access by forcing the device connected to the 7210 SAS to have its MAC address authenticated by a RADIUS server before the device is able to transmit packets through the 7210 SAS.

Use the following CLI syntax to configure MAC authentication for an Ethernet port.

port port-id ethernet
         dot1x
             mac-auth
             mac-auth-wait seconds
             port-control auto
             quiet-period seconds
             radius-plcy name

Example: Command usage to configure MAC authentication for an Ethernet port

config# port 1/1/2 ethernet dot1x
config>port>ethernet>dot1x# mac-auth
config>port>ethernet>dot1x# mac-auth-wait 20
config>port>ethernet>dot1x# port-control auto
config>port>ethernet>dot1x# quiet-period 60
config>port>ethernet>dot1x# radius-plcy dot1xpolicy

Example: Sample port configuration output

Use the info detail command to display port configuration information.

SAS-T>config>port>ethernet>dot1x# info detail
----------------------------------------------
             port-control auto
             radius-plcy dot1xpolicy
             re-authentication
             re-auth-period 3600
             max-auth-req 2
             transmit-period 30
             quiet-period 60
             supplicant-timeout 30
             server-timeout 30
             mac-auth
             mac-auth-wait 20
----------------------------------------------
SAS-T>config>port>ethernet>dot1x#
Parent topic: Configuring Ethernet port parameters