authentication ip access-group
authentication ip access-group
When the Layer 2 authentication functionality is used, set this command to output only the
packets specified by applying the IPv4 access list of the IP packets destined for another
device sent from an unauthenticated terminal to a non-authenticating port.
This command can be used in the following authentication modes:
IEEE 802.1X: Port-based authentication (static), port-based authentication (dynamic)
Web authentication: Fixed VLAN mode, dynamic VLAN mode
MAC-based authentication: Fixed VLAN mode, dynamic VLAN mode
Input format
To set information:
authentication ip access-group
To delete information:
no authentication ip access-group
Input mode
(config-if)
Parameters
<ACL ID>
Sets the identifier of the IPv4 address filter to be used to output packets to a port that
is not subject to authentication. One IPv4 address filter identifier can be specified by
using this parameter.
1.
2.
Default behavior
When a Web authentication IP address is set, communication can be possible before
authentication.
DHCP packets destined for the internal DHCP server used in Web authentication
dynamic VLAN mode are able to pass through before authentication.
If the URL redirect functionality is set, all packets other than http packets are
discarded.
All packets other than the above are discarded.
366
Default value when this parameter is omitted:
This parameter cannot be omitted.
Range of values:
Set 3 to 31 characters, the first character of which must be a non-numeric
character. For details about the characters that can be specified, see
Specifiable values for parameters.
<ACL ID>