beautypg.com

7 mac authentication configuration, Mac authentication overview, Introduction – H3C Technologies H3C S7500E Series Switches User Manual

Page 127: Mac authentication configuration

background image

7-1

7

MAC Authentication Configuration

This chapter includes these sections:

z

MAC Authentication Overview

z

Basic Configuration for MAC Authentication

z

Specifying a Domain for MAC Authentication Users

z

Displaying and Maintaining MAC Authentication

z

MAC Authentication Configuration Examples

MAC Authentication Overview

Introduction

MAC authentication provides a way for authenticating users based on ports and MAC addresses. It

requires neither installation of any client software on the user hosts, nor provision of any username or

password during authentication. Once detecting a new MAC address on a MAC authentication

enabled port, the device initiates a MAC authentication process. If the user passes MAC

authentication, the device allows the user to access network resources through the port. If the user

fails the authentication, the device marks the MAC address of the user as a quiet MAC address, and

will directly discard all subsequent packets from the MAC address within the quiet time (dictated by the

quiet timer). This mechanism is called the quiet function, and it can prevent the device from

authenticating an illegal user repeatedly in a short time.

If a quiet MAC address is the same as a static MAC address configured or a MAC address that has

passed another type of authentication, the quiet function does not take effect.

Currently, the device supports two MAC authentication modes: Remote Authentication Dial-In User

Service (RADIUS) based MAC authentication and local MAC authentication on the access device. For

detailed information about RADIUS authentication and local authentication, see AAA Configuration in

the Security Configuration Guide.

MAC authentication supports two types of usernames:

z

MAC address, where the MAC address of a user serves as both the username and password.

z

Fixed username, where all users use the same preconfigured username and password for

authentication, regardless of the MAC addresses. In this case, all users on a port use the same

username and password for MAC authentication.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: