Alcatel-Lucent omniaccess User Manual
Configuring 802.1x Security
133
Chapter 11
Configuring MAC-based Authentication
This section of the document shows how to configure MAC-based
authentication on the Alcatel switch using the WebUI..
authentication on the Alcatel switch using the WebUI..
Use MAC-based authentication to authenticate devices based on their
physical MAC address. While not the most secure and scalable method,
MAC-based authentication still implicitly provides an addition layer of security
authentication devices. MAC-based authentication is often used to
authenticate and allow network access through certain devices while denying
access to the rest. For example, if users are allowed access to the network via
station A, then one method of authenticating station A is MAC-based. Users
may be required to authenticate themselves using other methods depending
on the network privileges required.
physical MAC address. While not the most secure and scalable method,
MAC-based authentication still implicitly provides an addition layer of security
authentication devices. MAC-based authentication is often used to
authenticate and allow network access through certain devices while denying
access to the rest. For example, if users are allowed access to the network via
station A, then one method of authenticating station A is MAC-based. Users
may be required to authenticate themselves using other methods depending
on the network privileges required.
MAC-based authentication can also be used to authenticate WiFi phones as
an additional layer of security to avoid other devices from accessing the voice
network using what is normally an insecure SSID.
an additional layer of security to avoid other devices from accessing the voice
network using what is normally an insecure SSID.
Configuring the Switch
To enable MAC-based authentication on the Alcatel Mobility Controller:
1. Before configuring MAC-based authentication on the switch, you must
first configure:
first configure:
z
The role that will be assigned as the default role for the MAC-based
authenticated users. (
authenticated users. (
for information on firewall policies to configure roles). If deri-
vation rules exist or if the user configuration in the internal database
has a role assignment, these values are prioritized over this value.
has a role assignment, these values are prioritized over this value.
z
The Authentication Server that the switch uses to validate the users.
The internal database can be used to configure the users for
MAC-based authentication. See “Configuring Users” on page 135 for
information on configuring the users on the local database. For infor-
mation on configuring AAA servers, Refer to “Authentication Servers”
on page 83.
The internal database can be used to configure the users for
MAC-based authentication. See “Configuring Users” on page 135 for
information on configuring the users on the local database. For infor-
mation on configuring AAA servers, Refer to “Authentication Servers”
on page 83.
2
Select the
Configuration
tab. Navigate to the
Security > Authentication Meth-
ods > MAC Authentication
page.
z
Check the
Authentication Enabled
checkbox to enable authentication.