Mac authentication configuration, Mac authentication overview, Configuring mac authentication – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

285

MAC authentication configuration

MAC authentication overview

MAC authentication controls network access by authenticating source MAC addresses on a port. It does

not require client software. A user does not need to input a username and password for network access.
The device initiates a MAC authentication process when it detects an unknown source MAC address on

a MAC authentication enabled port. If the MAC address passes authentication, the user can access

authorized network resources. If the authentication fails, the device marks the MAC address as a silent

MAC address, drops the packet, and starts a quiet timer. The device drops all subsequent packets from
the MAC address within the quiet time. This quiet mechanism avoids repeated authentication during a

short time.

NOTE:

For more information about MAC authentication, see

H3C WX3000E Series Wireless Switches Switching

Engine Configuration Guide.

Configuring MAC authentication

Configuration prerequisites

•

Disable port security globally.

•

Create and configure an ISP domain.

•

For local authentication, create local user accounts and specify the LAN access service for the
accounts.

•

For remote authentication, check that the device and the RADIUS server can reach each other and
create user accounts on the server.

NOTE:

If you are using MAC-based accounts, make sure that the username and password for each account is the
same as the MAC address of the MAC authentication users.

Recommended configuration procedure

Step Remarks

1. Configuring MAC authentication globally

Required.
Enable MAC authentication globally and configure the
advanced parameters.
By default, MAC authentication is disabled globally.