The 7705 SAR supports a fallback MAC authentication mechanism for client devices (for example, PCs and STBs) on an Ethernet network that do not support 802.1x EAP.
MAC authentication provides protection against unauthorized access by forcing the device connected to the 7705 SAR to have its MAC address authenticated by a RADIUS server before it is able to transmit packets through the 7705 SAR.
Use the following CLI syntax to configure MAC authentication for an Ethernet port:
port port-id ethernet
dot1x
mac-auth
mac-auth-wait seconds
port-control auto
quiet-period seconds
radius-plcy name
The following CLI syntax shows an example of configuring MAC authentication for an Ethernet port:
config# port 1/5/2 ethernet dot1x
config>port>ethernet>dot1x# mac-auth
config>port>ethernet>dot1x# mac-auth-wait 20
config>port>ethernet>dot1x# port-control auto
config>port>ethernet>dot1x# quiet-period 60
config>port>ethernet>dot1x# radius-plcy dot1xpolicy
Use the info detail command to display port configuration information.
ALU-A>config>port>ethernet>dot1x# info detail
----------------------------------------------
port-control auto
radius-plcy dot1xpolicy
re-authentication
re-auth-period 3600
max-auth-req 2
transmit-period 30
quiet-period 60
supplicant-timeout 30
server-timeout 30
mac-auth
mac-auth-wait 20
----------------------------------------------
ALU-A>config>port>ethernet>dot1x#