MAC Authentication (MAC Auth) is a method of authenticating devices for access to the network. The default mode of authentication is RADIUS, through which clients are authenticated by an external RADIUS server.
Enter MAC Auth context:
switch(config)# aaa authentication port-access mac-auth
Enable MAC Auth on all interfaces:
switch(config-macauth)# enable
Configure MAC Auth MAC address format:
switch(config-macauth)# addr-format <no-delimiter|single-dash|multi-dash|multi-colon|no-delimiter
Enable MAC Auth password:
switch(config-macauth)# password <plaintext|ciphertext> PASSWORD
Configure mac-auth RADIUS authentication method:
switch(config-macauth)# aaa authentication port-access mac-auth auth-method <chap|pap>
Configure mac-auth server group:
switch(config-macauth)# radius server-group NAME
Configure cached reauthentication period on a port:
switch(config-macauth)# cached-reauth-period VALUE
Configure the quiet period on a port:
switch(config-macauth)# quiet-period VALUE
Configure the reauthentication period on a port:
switch(config-macauth)# reauth-period VALUE
Enable reauthentication on the interface:
switch(config-macauth)# reauth
Enable authorized on the interface:
switch(config-macauth)# authorized
Enable cached reauthentication on the interface:
switch(config-macauth)# cached-reauth
Show commands to validate functionality:
show aaa authentication port-access mac-auth interface <IFACE|all> <port-statistics|client-status [mac MAC-ADDR]>
show commands looks correct