Dot1x mac-authentication – Allied Telesis AT-S95 CLI (AT-8000GS Series) User Manual

802.1x Commands

Page 387

Example

The following example defines VLAN 2 as a guest VLAN.

dot1x mac-authentication

The mac-authentication Interface Configuration mode command enables authentication based on the station's
MAC address. Use the no form of this command to disable MAC authentication.

Syntax

dot1x mac-authentication {mac-only | mac-and-802.1x}

no dot1x mac-authentication

Parameters
•

mac-only — Enable authentication based on the station's MAC address only. 802.1X frames are ignored.

•

mac-and-802.1x — Enable 802.1X authentication and MAC address authentication on the interface.

Default Configuration

Disabled.

Command Mode

Interface configuration (Ethernet)

User Guidelines

Guest VLAN must be enabled when MAC authentication is enabled.

Static MAC addresses can't be authorized. Do not change authenticated MAC address to static address.

It is not recommended to delete authenticated MAC addresses.

Reauthentication must be enabled when working in this mode.

Example

The following example enables authentication based on the station's MAC address.

console#

console# configure

console(config)# vlan database

console(config-vlan)# vlan 2

console(config-vlan)# exit

console(config)# interface vlan 2

console(config-if)# dot1x guest-vlan

console# configure

console(config)# interface ethernet 1/g1

console(config-if)# dot1x mac-authentication