3com 5500-SI Manual De Usuario
14
C
ENTRALIZED
MAC A
DDRESS
A
UTHENTICATION
C
ONFIGURATION
Introduction to
Centralized MAC
Address
Authentication
Centralized MAC
Address
Authentication
Centralized MAC address authentication controls accesses to a network through
ports and MAC addresses. This kind of authentication requires no client software.
When operating in centralized MAC address authentication mode, a switch begins to
authenticate the user if it detects a new user MAC address.
ports and MAC addresses. This kind of authentication requires no client software.
When operating in centralized MAC address authentication mode, a switch begins to
authenticate the user if it detects a new user MAC address.
Centralized MAC address authentication is implemented in the following two modes:
■
MAC address mode. In this mode, user MAC address is used as both the user
name and the password.
name and the password.
■
Fixed mode. In this mode, user names and passwords are configured on the switch
in advance. And users log on using the user names and passwords configured on
the switch.
in advance. And users log on using the user names and passwords configured on
the switch.
SWITCH 5500 series Ethernet switches support local authentication and RADIUS
server authentication.
server authentication.
1 When a RADIUS server is used for authentication, the switch serves as a RADIUS
client. In this case, centralized MAC address authentications are carried out as
follows.
follows.
■
In MAC address mode, a switch sends newly detected MAC addresses to the
RADIUS server as both the user names and passwords. The rest handling
procedures are the same as that of 802.1x.
RADIUS server as both the user names and passwords. The rest handling
procedures are the same as that of 802.1x.
■
In fixed mode, a switch sends the user names and passwords configured for fixed
mode on it to the RADIUS server. It also inserts user MAC addresses into the
calling-station-id fields of the RADIUS packets sent to the RADIUS server. The rest
handling procedures are the same as that of 802.1x.
mode on it to the RADIUS server. It also inserts user MAC addresses into the
calling-station-id fields of the RADIUS packets sent to the RADIUS server. The rest
handling procedures are the same as that of 802.1x.
■
The RADIUS server authenticates the user and grants the user the permission to
access the network if the user passes the authentication.
access the network if the user passes the authentication.
2 When local authentication is used, users are authenticated by the switch. When
configuring local authentication, note that:
■
For MAC address authentication mode, you need to provide MAC addresses as the
user names and passwords. (The MAC addresses provided here need to be in the
format of xx-xx-xx-xx-xx-xx, where the character x stands for a hexadecimal
number ranging from 0 to f.)
user names and passwords. (The MAC addresses provided here need to be in the
format of xx-xx-xx-xx-xx-xx, where the character x stands for a hexadecimal
number ranging from 0 to f.)
■
For fixed mode, configure the user name and password as those for fixed mode.
■
Set local service type as LAN-access.