User Guide
Command Line Interface
7-70
7
MAC Address Authentication
Use these commands to define MAC authentication on the access point. For local
MAC authentication, first define the default filtering policy using the address filter
default command. Then enter the MAC addresses to be filtered, indicating if they are
allowed or denied. For RADIUS MAC authentication, the MAC addresses and
filtering policy must be configured on the RADIUS server.
address filter default
This command sets filtering to allow or deny listed MAC addresses.
Syntax
address filter default <allowed | denied>
• allowed - Only MAC addresses entered as “denied” in the address filtering
table are denied.
• denied - Only MAC addresses entered as “allowed” in the address filtering
table are allowed.
Default
allowed
Command Mode
Global Configuration
Example
Table 7-13. MAC Address Authentication
Command Function Mode Page
address filter default Sets filtering to allow or deny listed addresses GC 7-71
address filter entry Enters a MAC address in the filter table GC 7-72
address filter delete Removes a MAC address from the filter table GC 7-72
mac- authentication server Sets address filtering to be performed with local or
remote options
GC 7-73
mac- authentication
session-timeout
Sets the interval at which associated clients will be
re-authenticated with the RADIUS server authentication
database
GC 7-73
show authentication Shows all 802.1X authentication settings, as well as the
address filter table
Exec 7-69
Enterprise AP(config)#address filter default denied
Enterprise AP(config)#