beautypg.com

16 configuring mac/byod authentication, Mac authentication processes, Anonymous mac authentication – H3C Technologies H3C Intelligent Management Center User Manual

Page 353: Configuring mac/byod authentication

background image

335

16 Configuring MAC/BYOD authentication

To authenticate endpoint users identified by MAC addresses, UAM provides the following authentication

modes:

Anonymous MAC authentication—Automatically authenticates the user who has no accounts in
UAM by using the BYODanonymous account. After the authentication, the user can register a guest

account in UAM and then use the guest account for authentication.

Transparent MAC authentication—Automatically authenticates the user by using the account
associated with the user's MAC address, requiring no manual intervention.

Mute terminal MAC authentication—Automatically authenticates mute terminals such as IP phones
and printers, which cannot actively initiates the authentication process.

The BYOD solution combines anonymous MAC authentication with transparent MAC authentication. An

endpoint user first goes through anonymous MAC authentication and then transparent MAC

authentication.

MAC authentication processes

The MAC authentication processes vary by the authentication mode. This example uses X as the name of

the MAC authentication domain.

Anonymous MAC authentication

Anonymous authentication uses the following workflow:

1.

An IMC operator enables MAC authentication and RADIUS authentication on the access device,
and configures Domain X as the MAC authentication domain.

2.

When a guest attempts to access the network, the access device forwards the MAC address of the
guest to UAM.

3.

UAM checks the MAC address and performs anonymous MAC authentication for the guest if the
following conditions are met:

{

The MAC address is not in the MAC address range configured for mute terminals.

{

The MAC address is not bound to any user account except the BYODanonymous account.

{

Transparent authentication is enabled for the MAC address.

{

The BYODanonymous account is configured in UAM, and one of the services applied for the
account uses the service suffix X.

4.

After the authentication, UAM binds the MAC address to the BYODanonymous account, and
controls the guest's access behaviors by using the service with the suffix X.

Table 25

shows the domain X and service suffix correlation in anonymous MAC authentication.

See also other documents in the category H3C Technologies Safety: