3Com DUA1550-0AAA02 User Manual

Case Study 2 - Restricting Network Access To Known Computers
This case study describes the tasks that need to be performed in order to 
restrict network access to known computers, using MAC-address based 
authentication. 
It is an example of a “block-by-default”, or white-list, mode, where a 
device needs to be listed in the RADIUS server before it is allowed access 
to the network. This mode relies solely on authenticating the MAC 
address of each attached device. Non-user devices (for example printers 
and servers) can still connect to the network, while the network blocks 
rogue devices, such as unknown wireless access devices. This mode does 
not require user authentication and hence does not provide any network 
protection against unauthorized user login. 
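
The block-by-default decision described above, sketched in Python as an added example (it is not code from 3Com Network Access Manager or from this manual). The rule dictionaries, the priority ordering, the VLAN number and the MAC addresses are constructed assumptions; only the rule names and the Allow/Deny settings are taken from this case study.

```python
import re

# Assumption: a simplified model of rule evaluation, not the product's own logic.
DEFAULT_RULE = {"name": "Default Rule", "access": "Deny"}

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a 48-bit MAC."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def build_rules(rules):
    """Normalise each rule's MAC list once; reject malformed entries up front."""
    built = []
    for rule in rules:
        macs = set()
        for raw in rule["macs"]:
            mac = normalize_mac(raw)
            if mac is None:
                raise ValueError(f"bad MAC {raw!r} in rule {rule['name']!r}")
            macs.add(mac)
        built.append({**rule, "macs": macs})
    # Assumption: a lower priority number is evaluated first.
    return sorted(built, key=lambda r: r["priority"])

def authorize(rules, presented_mac):
    """Return (rule name, access, vlan) for the MAC an edge port reports."""
    mac = normalize_mac(presented_mac)
    if mac is not None:
        for rule in rules:
            if mac in rule["macs"]:
                return rule["name"], rule["access"], rule.get("vlan")
    # Block-by-default: unlisted or unparseable addresses fall to the Default Rule.
    return DEFAULT_RULE["name"], DEFAULT_RULE["access"], None

# Constructed sample data (addresses and VLAN number are made up).
RULES = build_rules([
    {"name": "Authorized Computers", "priority": 1, "access": "Allow", "vlan": 20,
     "macs": ["00-0A-95-9D-68-16", "000a.959d.6817"]},
])

if __name__ == "__main__":
    for seen in ["00:0a:95:9d:68:16", "000A-959D-6817", "02:00:00:aa:bb:cc", "not-a-mac"]:
        print(seen, "->", authorize(RULES, seen))
```

Normalising before comparison means a listed device is matched however the address is written, and a mistyped list entry fails when the list is loaded instead of silently never matching.
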
Network Administrator Tasks
The following provides an overview of the tasks for a network 
administrator responsible for the domain on the network.
Ensure edge port security is set to MAC-address based authentication (or 
RADA) on edge ports in the domain. 
Edge ports are called ‘access ports’ on the Switch 5500.
Using 3Com Network Access Manager:
Select the Default Rule and set the Network Access to Deny, see 
Create an Authorized Computers rule which will allow network access, 
Set security permissions for the rule. Grant READ and WRITE access to 
the users/groups permitted to apply the rule, and grant READ access to all 
Network Administrators in the domain so that they can see that the 
rule exists even if they are not permitted to apply it.
Set the Actions for the rule: select the rule priority and set Network 
Access to Allow. If appropriate, select the VLAN, QoS profile and EFW 
policy for the rule.
Enter the MAC addresses for all devices in the domain. For information 
on entering MAC addresses, see “Entering MAC Addresses For A 
Computer”.
Create a new group which will hold the computers that are allowed