mac-auth

bridge

Enables source MAC authentication for Extended VLAN and tunneled traffic (MiNT and L2TPv3) on this bridge VLAN. When enabled, it provides fast-path authentication of clients whose captive portal session has expired.

Supported on the following platforms:

  • Wireless Controllers — RFS4000
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

mac-auth {attempts <1-5>|throttle <0-255>}

Parameters

mac-auth {attempts <1-5>|throttle <0-255>}
mac-auth – Enables MAC authentication
attempts <1-5> – Optional. Configures the maximum number of retries allowed for MAC authentication requests.
  • <1-5> – Specify the maximum allowed authentication retries from 1 - 5. The default is 3.
throttle <0-255> – Optional. Configures the throttle value for MAC authentication requests.
  • <0-255> – Specify the MAC authentication request throttle value from 0 - 255. The default is 64.

Usage Guidelines: Applying AAA Policy for MAC Authentication

To enable MAC authentication:

  • Create an AAA policy.
    nx9500-6C8809(config)#aaa-policy MAC-Auth
  • Use the AAA policy on the device for MAC Authentication.
    nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#mac-auth use aaa-policy MAC-Auth
  • In the bridge VLAN context, enable MAC Authentication.
    nx9500-6C8809(config-device B4-C7-99-6C-88-09-bridge-vlan-20)#mac-auth
  • Optionally, configure the following MAC Authentication parameters. If not specified, default values are applied.
    nx9500-6C8809(config-device B4-C7-99-6C-88-09-bridge-vlan-20)#mac-auth attempts 2
    nx9500-6C8809(config-device B4-C7-99-6C-88-09-bridge-vlan-20)#mac-auth throttle 100

Usage Guidelines: Enabling Fall-back Captive Portal Authentication

To enable fall-back captive-portal authentication on the bridge VLAN:

  • Apply a captive-portal policy to the bridge VLAN.
    nx9500-6C8809(config-device B4-C7-99-6C-88-09-bridge-vlan-20)#use captive-portal test
  • Enable captive-portal authentication as the fall-back authentication mode.
    nx9500-6C8809(config-device B4-C7-99-6C-88-09-bridge-vlan-20)#captive-portal-enforcement fall-back

Example

nx9500-6C8809(config-profile testNX9000-bridge-vlan-20)#mac-auth attempts 2

nx9500-6C8809(config-profile testNX9000-bridge-vlan-20)#mac-auth throttle 80

nx9500-6C8809(config-profile testNX9000-bridge-vlan-20)#show context
 bridge vlan 20
  mac-auth attempts 2
  mac-auth throttle 80
  ip igmp snooping
  ip igmp snooping querier
  ipv6 mld snooping
  ipv6 mld snooping querier
nx9500-6C8809(config-profile testNX9000-bridge-vlan-20)#
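
An added example, not part of the original command reference: a Python check that reads bridge VLAN blocks from show context output, applies the ranges and defaults listed under Parameters, and flags fall-back enforcement that has no captive-portal policy applied. The function name audit_bridge_vlans, the sample text, and the assumption that the captive-portal lines appear in show context as they are typed are illustrative.

```python
import re

# Ranges and defaults as given in the Parameters section: (min, max, default).
LIMITS = {"attempts": (1, 5, 3), "throttle": (0, 255, 64)}

# Constructed sample modelled on the "show context" output above. Assumption:
# the captive-portal lines are rendered as they are typed at the prompt.
SAMPLE = """\
 bridge vlan 20
  mac-auth attempts 2
  mac-auth throttle 80
  use captive-portal test
  captive-portal-enforcement fall-back
 bridge vlan 30
  mac-auth throttle 300
  captive-portal-enforcement fall-back
"""

def audit_bridge_vlans(text):
    """Map each bridge VLAN id to its effective mac-auth settings and findings."""
    vlans, cur, depth = {}, None, 0
    for raw in text.splitlines():
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        m = re.fullmatch(r"bridge vlan (\d+)", line)
        if m:
            cur, depth = vlans.setdefault(int(m.group(1)), {
                "attempts": LIMITS["attempts"][2], "throttle": LIMITS["throttle"][2],
                "portal": None, "fallback": False, "findings": []}), indent
            continue
        if line and indent <= depth:
            cur = None  # a line at or above the block's indent ends the block
        if cur is None:
            continue
        m = re.fullmatch(r"mac-auth (attempts|throttle) (\d+)", line)
        if m:
            key, value = m.group(1), int(m.group(2))
            low, high, _ = LIMITS[key]
            if low <= value <= high:
                cur[key] = value
            else:
                cur["findings"].append(f"{key} {value} outside {low}-{high}")
        elif line.startswith("use captive-portal "):
            cur["portal"] = line.split()[-1]
        elif line == "captive-portal-enforcement fall-back":
            cur["fallback"] = True
    for cfg in vlans.values():
        if cfg["fallback"] and cfg["portal"] is None:
            cfg["findings"].append("fall-back enabled without a captive-portal policy")
    return vlans
```

Calling audit_bridge_vlans(SAMPLE) returns one entry per bridge VLAN; an out-of-range value is reported and the documented default is kept as the effective setting.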

Related Commands

no – Disables MAC authentication for Extended VLAN and tunneled traffic on this bridge VLAN