Configuring the Authentication order, priority, and fallback

  • To configure the Authentication order, use:

    aaa port-access <PORT-LIST> auth-order <authenticator | mac-based> <mac-based | authenticator>
  • To configure the Authentication order with fallback, use:

    aaa port-access <PORT-LIST> auth-order <authenticator | mac-based> <mac-based | authenticator> [local-mac]
  • To configure Authentication priority, use:

    aaa port-access <PORT-LIST> auth-priority <authenticator | mac-based> <mac-based | authenticator>

Where,

PORT-LIST specifies a single port or a range of ports.

authenticator sets 802.1X Authentication as the primary Authentication method for the clients of this port.

mac-based sets MAC address based Authentication as the primary Authentication method for the clients of this port.

local-mac sets the Local MAC address based Authentication as the fallback Authentication method for the clients of this port.

Examples

switch(config)# show run interface 15

Running configuration:

interface 15
  untagged vlan 1
   aaa port-access authenticator
   aaa port-access authenticator client-limit 2
   aaa port-access mac-based
   aaa port-access mac-based addr-limit 2
   exit

switch(config)# show port-access clients l5 detailed

Port Access Client Status Detail

  Client Base Details :
   Port            : L5                    Authentication Type : mac-based
   Client Status   : authenticated         Session Time        : 19 seconds
   Client Name     : accc8e9e05fa          Session Timeout     : 0 seconds
   MAC Address     : accc8e-9e05fa
   IP              : n/a

   Auth Order      : 8021x, Mac-Auth
   Auth Priority   : Not Set
   LMA Fallback    : Disabled

Downloaded user roles are preceded by *

User Role Information

   Name                              : *DUR_Mac_Auth-3089-5
   Type                              : downloaded
   Reauthentication Period (seconds) : 0
   Cached Reauth Period (seconds)    : 0
   Logoff Period (seconds)           : 300
   Untagged VLAN                     : 10
   Tagged VLANs                      :

   Captive Portal Profile            :
   Policy                            :
   Tunnelednode Server Redirect      : Enabled
   Secondary Role Name               : mac-role
   Device Attributes                 : Disabled