1 mac address authentication configuration, Mac address authentication overview, Performing mac address authentication locally – H3C Technologies H3C S3600 Series Switches User Manual
Page 566: Mac address authentication configuration
1-1
1
MAC Address Authentication Configuration
When configuring MAC address authentication, go to these sections for information you are interested:
z
MAC Address Authentication Overview
z
z
Configuring Basic MAC Address Authentication Functions
z
MAC Address Authentication Enhanced Function Configuration
z
Displaying and Maintaining MAC Address Authentication Configuration
z
MAC Address Authentication Configuration Examples
MAC Address Authentication Overview
MAC address authentication provides a way for authenticating users based on ports and MAC
addresses, without requiring any client software to be installed on the hosts. Once detecting a new MAC
address, it initiates the authentication process. During authentication, the user does not need to enter
username or password manually.
For S3600 Series Ethernet switches, MAC address authentication can be implemented locally or on a
RADIUS server.
After determining the authentication method, users can select one of the following types of user name
as required:
z
MAC address mode, where the MAC address of a user serves as the user name for authentication.
z
Fixed mode, where user names and passwords are configured on a switch in advance. In this case,
the user name, the password, and the limits on the total number of user names are the matching
criterion for successful authentication. For details, refer to AAA of this manual for information about
local user attributes.
Performing MAC Address Authentication on a RADIUS Server
When authentications are performed on a RADIUS server, the switch serves as a RADIUS client and
completes MAC address authentication in cooperation with the RADIUS server.
z
In MAC address mode, the switch sends the MAC addresses detected to the RADIUS server as
both the user names and passwords, or sends the MAC addresses detected to the RADIUS server
as the user names and uses the configured fixed password as the password.
z
In fixed mode, the switch sends the user name and password previously configured for the user to
the RADIUS server for authentication.
The RADIUS authentication process is the same as that of the 802.1x PAP authentication method. For
details, refer to 802.1x and System-Guard Operation.
A user can access a network upon passing the authentication performed by the RADIUS server.
Performing MAC Address Authentication Locally
When authentications are performed locally, users are authenticated by switches. In this case,