3com 4210 PWR 9-Port 3CR17341-91-ME User Manual
Product codes
3CR17341-91-ME
22
MAC A
UTHENTICATION
C
ONFIGURATION
MAC Authentication
Overview
Overview
MAC authentication provides a way for authenticating users based on ports and
MAC addresses, without requiring any client software to be installed on the hosts.
Once detecting a new MAC address, it initiates the authentication process. During
authentication, the user does not need to enter username or password manually.
MAC addresses, without requiring any client software to be installed on the hosts.
Once detecting a new MAC address, it initiates the authentication process. During
authentication, the user does not need to enter username or password manually.
You can implement MAC authentication locally or on a RADIUS server.When
combined with RADIUS Authentication, this feature is referred to as RADIUS
Authenticated Device Access, or RADA.
combined with RADIUS Authentication, this feature is referred to as RADIUS
Authenticated Device Access, or RADA.
After determining the authentication method, users can select one of the
following types of user name as required:
following types of user name as required:
■
MAC address mode, where the MAC address of a user serves as both the user
name and the password.
name and the password.
■
Fixed mode, where user names and passwords are configured on a switch in
advance. In this case, the user name, the password, and the limits on the total
number of user names are the matching criterion for successful authentication.
For details, refer to “AAA Configuration” on page 245 for information about
local user attributes.
advance. In this case, the user name, the password, and the limits on the total
number of user names are the matching criterion for successful authentication.
For details, refer to “AAA Configuration” on page 245 for information about
local user attributes.
Performing MAC
Authentication on a
RADIUS Server
When authentications are performed on a RADIUS server, the switch serves as a
RADIUS client and completes MAC authentication in combination of the RADIUS
server.
RADIUS client and completes MAC authentication in combination of the RADIUS
server.
■
In MAC address mode, the switch sends the MAC addresses detected to the
RADIUS server as both the user names and passwords.
RADIUS server as both the user names and passwords.
■
In fixed mode, the switch sends the user name and password previously
configured for the user to the RADIUS server for authentication.
configured for the user to the RADIUS server for authentication.
A user can access a network upon passing the authentication performed by the
RADIUS server.
RADIUS server.
Performing MAC
Authentication Locally
When authentications are performed locally, users are authenticated by switches.
In this case,
In this case,
■
In MAC address mode, the local user name to be configured is the MAC
address of an access user. Hyphens must or must not be included depending
on the format configured with the mac-authentication authmode
usernameasmacaddress usernameformat command; otherwise, the
authentication will fail.
address of an access user. Hyphens must or must not be included depending
on the format configured with the mac-authentication authmode
usernameasmacaddress usernameformat command; otherwise, the
authentication will fail.
■
In fixed mode, all users’ MAC addresses are automatically mapped to the
configured local passwords and usernames.
configured local passwords and usernames.