Configuring mac-authentication – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C

The switch extracts the source MAC address from the supplicant's packets and puts it into
a string of the form xx-xx-xx-xx-xx-xx, using lower-case letters for any hex digits in the
range a-f. This string is then used as both the username and the password in the RADIUS
access-request packet. The supplicant MAC address is also sent in the attribute 31
“calling-station-id” as usual.

Configuring MAC-Authentication

Under AlliedWare Plus, there are two steps to setting up MAC-authentication.

1. Define the authentication method list that is used for MAC-authentication.

There is only one method list that can be created for MAC-authentication—the default
method list. Moreover, the only authentication server type that can be used is RADIUS.

The command for defining the method list is:

awplus(config)# aaa authentication auth-mac default group radius

2. Enable MAC-authentication on the ports that are to perform this authentication:

awplus(config)# interface port1.0.2
awplus(config-if)# auth-mac enable
awplus(config-if)# spanning-tree edgeport

On the RADIUS server, it is necessary to create user entries where both the username and
password are the MAC address of the supplicant, in the form xx-xx-xx-xx-xx-xx.

For example, on the AlliedWare Plus local RADIUS server, the configuration is:

awplus(config)# radius-server local
awplus(config-radsrv)# user xx-xx-xx-xx-xx-xx password xx-xx-xx-xx-xx-xx

The supplicant requires no configuration, as the whole purpose of MAC-authentication is
to authenticate devices that cannot be configured for authentication.

It is also possible to configure the authentication protocol that the switch uses in its
interaction with the RADIUS server. There are two choices of protocol: EAP-MD5 and PAP.
The default method is PAP, and can be changed by using the command:

awplus(config-if)# auth-mac method [eap-md5|pap]
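
As an added example (not part of the Allied Telesis manual), the Python script below turns an asset list with mixed MAC notations into local RADIUS server user entries in the lower-case xx-xx-xx-xx-xx-xx form the switch sends, since an entry in any other notation will not match. The inventory contents and function names are constructed for illustration; rejecting group addresses is an added assumption based on the switch using the packet's source MAC, which never has the group bit set.

```python
import re

# Constructed sample inventory mixing the notations asset lists tend to contain.
SAMPLE_INVENTORY = """\
# printers
00:1A:2B:3C:4D:5E
001a.2b3c.4d5f
00-1A-2B-3C-4D-5E
ff:ff:ff:ff:ff:ff
01:00:5e:00:00:fb
00:1a:2b:3c:4d
"""


def normalize_mac(text):
    """Return the MAC as lower-case xx-xx-xx-xx-xx-xx, or raise ValueError."""
    digits = re.sub(r"[:.\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    # Assumption: a source MAC never has the group (multicast/broadcast) bit set,
    # so such an entry could never match a supplicant.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group address cannot be a source MAC: {text!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_local_radius_config(inventory):
    """Return (config_lines, rejected) where rejected is [(line_no, reason)]."""
    users, rejected = [], []
    for lineno, raw in enumerate(inventory.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            mac = normalize_mac(entry)
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        if mac in users:
            rejected.append((lineno, f"duplicate of {mac}"))
            continue
        users.append(mac)
    # Username and password are both the MAC string, as the manual requires.
    config = ["radius-server local"] + [f"user {m} password {m}" for m in users]
    return config, rejected


if __name__ == "__main__":
    config, rejected = build_local_radius_config(SAMPLE_INVENTORY)
    print("\n".join(config))
    for lineno, reason in rejected:
        print(f"! skipped line {lineno}: {reason}")
```

Review the skipped lines before pasting the output into the switch: each one is an inventory entry that would otherwise have produced a user that can never authenticate.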