Chapter 8
| General Security Measures
Network Access (MAC Address Authentication)
network-access
mac-filter
mac-authentication
reauth-time
Use this command to add a MAC address into a filter table. Use the no form of this
command to remove the specified MAC address.
Syntax
[no] network-access mac-filter filter-id
mac-address mac-address [mask mask-address]
filter-id - Specifies a MAC address filter table. (Range: 1-64)
mac-address - Specifies a MAC address entry.
(Format: xx-xx-xx-xx-xx-xx)
mask - Specifies a MAC address bit mask for a range of addresses.
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
◆
Specified addresses are exempt from network access authentication.
◆
This command is different from configuring static addresses with the
address-table static
addresses when using a mask, and then to assign these addresses to one or
more ports with the
◆
Up to 64 filter tables can be defined.
◆
There is no limitation on the number of entries that can entered in a filter table.
Example
Console(config)#network-access mac-filter 1 mac-address 11-22-33-44-55-66
Console(config)#
Use this command to set the time period after which a connected MAC address
must be re-authenticated. Use the no form of this command to restore the default
value.
Syntax
mac-authentication reauth-time seconds
no mac-authentication reauth-time
seconds - The reauthentication time period. (Range: 120-1000000 seconds)
Default Setting
1800
command in that it allows you configure a range of
network-access port-mac-filter
– 224 –
mac-
command.