beautypg.com

Network access (mac address authentication), Network access, Conf – LevelOne GTL-2691 User Manual

Page 330: Mac a

background image

C

HAPTER

13

| Security Measures

Network Access (MAC Address Authentication)

– 330 –

Figure 164: Configuring Interface Settings for Web Authentication

N

ETWORK

A

CCESS

(MAC A

DDRESS

A

UTHENTICATION

)

Some devices connected to switch ports may not be able to support 802.1X

authentication due to hardware or software limitations. This is often true

for devices such as network printers, IP phones, and some wireless access

points. The switch enables network access from these devices to be

controlled by authenticating device MAC addresses with a central RADIUS

server.

N

OTE

:

RADIUS authentication must be activated and configured properly

for the MAC Address authentication feature to work properly. (See

"Configuring Remote Logon Authentication Servers" on page 312

.)

N

OTE

:

MAC authentication cannot be configured on trunk ports.

CLI R

EFERENCES

"Network Access (MAC Address Authentication)" on page 927

C

OMMAND

U

SAGE

MAC address authentication controls access to the network by

authenticating the MAC address of each host that attempts to connect

to a switch port. Traffic received from a specific MAC address is

forwarded by the switch only if the source MAC address is successfully

authenticated by a central RADIUS server. While authentication for a

MAC address is in progress, all traffic is blocked until authentication is

completed. On successful authentication, the RADIUS server may

optionally assign VLAN and quality of service settings for the switch

port.

When enabled on a port, the authentication process sends a Password

Authentication Protocol (PAP) request to a configured RADIUS server.

The user name and password are both equal to the MAC address being

authenticated. On the RADIUS server, PAP user name and passwords

must be configured in the MAC address format XX-XX-XX-XX-XX-XX (all

in upper case).