3com DUA1550-0AAA02 Manual De Usuario

The two forms of RADIUS authentication supported by 3Com Network 
Access Manager are:

■

MAC-address based authentication, for example RADA (RADIUS 
Authenticated Device Access).

■

IEEE 802.1X authentication, also known as dot1X, 802.1X and 
Network Login.

3Com Network Access Manager relies on the RADIUS server to perform 
MAC-address based authentication through a single authentication user 
name (as opposed to the MAC address as a user name). 

When 3Com Network Access Manager receives an authentication request 
to the MAC authentication user name, it also authenticates the MAC 
address of the computer against the 3Com Network Access Manager 
rules to determine the authentication outcome, as follows:

1 Look up the MAC address against all Computers configured, to find all 

associated rules.

2 If rules are found, select the highest priority rule.

3 If no rules are found, select the Default Rule.

4 Return the authentication result from the selected rule.

When a switch performs IEEE 802.1X authentication, the process is 
similar to the MAC-address based authentication, but 3Com Network 
Access Manager also checks the user requested, as follows:

1 Look up the IEEE 802.1X username against all Users configured, to find 

all associated rules.

2 Look up the MAC address against all Computers configured, to find all 

associated rules.

3 If rules are found, select the highest priority rule.

4 If no rules are found, select the Default Rule.

5 Return the authentication result from the selected rule.

Checking the MAC address ensures that network policies such as blocked 
hosts can be maintained, regardless of edge port security mode.