Network access (mac address authentication), Network access, Conf – LevelOne GTL-2691 User Manual
Page 330: Mac a
C
HAPTER
13
| Security Measures
Network Access (MAC Address Authentication)
– 330 –
Figure 164: Configuring Interface Settings for Web Authentication
N
ETWORK
A
CCESS
(MAC A
DDRESS
A
UTHENTICATION
)
Some devices connected to switch ports may not be able to support 802.1X
authentication due to hardware or software limitations. This is often true
for devices such as network printers, IP phones, and some wireless access
points. The switch enables network access from these devices to be
controlled by authenticating device MAC addresses with a central RADIUS
server.
N
OTE
:
RADIUS authentication must be activated and configured properly
for the MAC Address authentication feature to work properly. (See
"Configuring Remote Logon Authentication Servers" on page 312
.)
N
OTE
:
MAC authentication cannot be configured on trunk ports.
CLI R
EFERENCES
◆
"Network Access (MAC Address Authentication)" on page 927
C
OMMAND
U
SAGE
◆
MAC address authentication controls access to the network by
authenticating the MAC address of each host that attempts to connect
to a switch port. Traffic received from a specific MAC address is
forwarded by the switch only if the source MAC address is successfully
authenticated by a central RADIUS server. While authentication for a
MAC address is in progress, all traffic is blocked until authentication is
completed. On successful authentication, the RADIUS server may
optionally assign VLAN and quality of service settings for the switch
port.
◆
When enabled on a port, the authentication process sends a Password
Authentication Protocol (PAP) request to a configured RADIUS server.
The user name and password are both equal to the MAC address being
authenticated. On the RADIUS server, PAP user name and passwords
must be configured in the MAC address format XX-XX-XX-XX-XX-XX (all
in upper case).