Quick Reference Guide
PowerConnect B-Series TI24X Configuration Guide 985
53-1002269-02
Configuring multi-device port authentication
30
If neither of these VSAs exist in a device profile on the RADIUS server, then by default the device is
subject to multi-device port authentication (if configured), then 802.1X authentication (if
configured). The RADIUS record can be used for both multi-device port authentication and 802.1X
authentication.
Configuring multi-device port authentication
Configuring multi-device port authentication on the device consists of the following tasks:
• Enabling multi-device port authentication globally and on individual interfaces
• Specifying the format of the MAC addresses sent to the RADIUS server (optional)
• Specifying the authentication-failure action (optional)
• Enabling and disabling SNMP traps for multi-device port authentication
• Defining MAC address filters (optional)
• Configuring dynamic VLAN assignment (optional)
• Dynamically Applying IP ACLs to authenticated MAC addresses
• Enabling denial of service attack protection (optional)
• Clearing authenticated MAC addresses (optional)
• Disabling aging for authenticated MAC addresses (optional)
• Configuring the hardware aging period for blocked MAC addresses
• Specifying the aging time for blocked MAC addresses (optional)
NOTE
On PowerConnect B-Series TI24X devices, the 802.1X port security feature is supported.
Enabling multi-device port authentication
To enable multi-device port authentication, you first enable the feature globally on the device. On
some devices, you can then enable the feature on individual interfaces.
Globally enabling multi-device port authentication
To globally enable multi-device port authentication on the device, enter the following command.
PowerConnect(config)# mac-authentication enable
Syntax: [no] mac-authentication enable
Enabling multi-device port authentication on an interface
To enable multi-device port authentication on an individual interface, enter a command such as the
following.
PowerConnect(config)# mac-authentication enable ethernet 1
Syntax: [no] mac-authentication enable <portnum> | all
The <portnum> parameter is a valid port number.