Configuring the Authentication order, priority, and fallback
To configure the Authentication order, use:
aaa port-access <PORT-LIST> auth-order <authenticator | mac-based> <mac-based | authenticator>
To configure the Authentication order with fallback, use:
aaa port-access <PORT-LIST> auth-order <authenticator | mac-based> <mac-based | authenticator> [local-mac]
To configure Authentication priority, use:
aaa port-access <PORT-LIST> auth-priority <authenticator | mac-based> <mac-based | authenticator>
Where,
PORT-LIST specifies a single port or a range of ports.
authenticator sets 802.1X Authentication as the primary Authentication method for the clients of this port.
mac-based sets MAC address based Authentication as the primary Authentication method for the clients of this port.
local-mac sets the Local MAC address based Authentication as the fallback Authentication method for the clients of this port.
Examples
switch(config)# show running-config interface l5
Running configuration:
interface L5
untagged vlan 1
aaa port-access authenticator
aaa port-access authenticator max-eap-retries 1
aaa port-access authenticator client-limit 2
aaa port-access mac-based
aaa port-access mac-based addr-limit 2
aaa port-access mac-based mac-pin
aaa port-access auth-order authenticator mac-based
exit
switch(config)# show port-access clients l5 detailed
Port Access Client Status Detail
Client Base Details :
Port : L5 Authentication Type : mac-based
Client Status : authenticated Session Time : 19 seconds
Client Name : accc8e9e05fa Session Timeout : 0 seconds
MAC Address : accc8e-9e05fa
IP : n/a
Auth Order : 8021x, Mac-Auth
Auth Priority : Not Set
LMA Fallback : Disabled
Logoff Period (seconds) : 300
Untagged VLAN : 10
Tagged VLANs :
Captive Portal Profile :
Policy :
Tunnelednode Server Redirect : Enabled
Secondary Role Name : mac-role
Device Attributes : Disabled