Mac-Based Access Control; Notes About Mac-Based Access Control; Mac Based Access Control Settings - D-Link DES-3528 User Manual

xStack DES-3528 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual

MAC-Based Access Control

The MAC-Based Access Control feature allows users to configure a list of MAC addresses, either locally or on a remote RADIUS server, to be authenticated by the Switch. Authenticated users are placed in a target VLAN and given access rights based on the configuration of that VLAN on the Switch.

The Switch will learn MAC addresses of a device through the receipt of ARP packets or DHCP packets and then attempt to match them on the authenticating list. If the client has not been configured for DHCP or does not have an IP configuration in static mode, then MAC addresses cannot be discovered and the client will not be authenticated. Ports and MAC addresses awaiting authentication are placed in the Guest VLAN, where the Switch administrator can assign limited rights and privileges.

For local authentication on the Switch, the user must enter a list of MAC addresses to be accepted through this mechanism using the MAC-Based Access Control Local Database Settings window, as seen below. The user may enter up to 1024 MAC addresses locally on the Switch, but only sixteen MAC addresses can be accepted per physical MAC-Based Access Control enabled port. Once a MAC address has been authenticated by the Switch on the local side, the port where that MAC address resides will be placed in the previously configured target VLAN, where the rights and privileges are set by the switch administrator. If the VLAN Name for the target VLAN is not found by the Switch, the Switch will return the port containing that MAC address to the originating VLAN. If the MAC address is not found and the port is in the Guest VLAN, it will remain in the Guest VLAN, with the associated rights. If the port is not in the Guest VLAN, this MAC address will be blocked by the Switch.

For remote RADIUS server authentication, the user must first configure the RADIUS server with a list of MAC addresses and their corresponding target VLANs that are to be authenticated on the Switch. Once a MAC address has been discovered by the Switch through ARP or DHCP packets, the Switch will then query the remote RADIUS server with this potential MAC address, using a RADIUS Access Request packet. If a match is made with this MAC address, the RADIUS server will return a notification stating that the MAC address has been accepted and is to be placed in the target VLAN. If the VID for the target VLAN is not found, the Switch will return the port containing the MAC address to the original VLAN. If the MAC address is not found, and if the port is in the Guest VLAN, it will remain in the Guest VLAN, with the associated rights. If the port is not in the Guest VLAN, this MAC address will be blocked by the Switch.

Notes About MAC-Based Access Control

There are certain limitations and regulations regarding the MAC-Based Access Control:
1. Once this feature is enabled for a port, the Switch will clear the FDB of that port.
2. If a port is granted clearance for a MAC address in a VLAN that is not a Guest VLAN, other MAC addresses on
that port must be authenticated for access; otherwise they will be blocked by the Switch.
3. MAC-Based Access Control is its own entity and is not dependent on other authentication functions on the Switch,
such as 802.1X, Web-Based authentication, etc.
4. A port accepts a maximum of sixteen authenticated MAC addresses per physical port of a VLAN that is not a
Guest VLAN. Other MAC addresses attempting authentication on a port with the maximum number of
authenticated MAC addresses will be blocked.
5. Ports that have been enabled for Link Aggregation, stacking, 802.1X authentication, 802.1X Guest VLAN, Port
Security, GVRP or Web-Based authentication cannot be enabled for the MAC-Based Authentication.
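
The outcome rules for local authentication described above, together with the limits in these notes, as an added example that is not part of the D-Link manual or firmware: a Python model that audits a planned local MAC list before it is entered on the Switch. The function names, VLAN names and MAC addresses are assumptions constructed for illustration.

```python
# Added example: models the outcome rules in this manual section for local
# authentication. All names are hypothetical; this is not D-Link firmware or CLI.
MAX_AUTH_MACS_PER_PORT = 16   # per-port limit stated in the manual
MAX_LOCAL_ENTRIES = 1024      # local database limit stated in the manual

def norm(mac):
    """Accept 00-11-22-AA-BB-CC, 00:11:22:aa:bb:cc or 0011.22aa.bbcc."""
    h = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(h) != 12 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"bad MAC address: {mac!r}")
    return h

def build_db(entries):
    """entries: iterable of (mac, target_vlan_name) pairs."""
    return {norm(mac): vlan for mac, vlan in entries}

def outcome(mac, local_db, vlans, port_in_guest, authed_on_port=0):
    """Where the manual says a learned MAC (and its port) ends up."""
    target = local_db.get(norm(mac))
    if target is None:                         # MAC not on the list
        return "guest_vlan" if port_in_guest else "blocked"
    if authed_on_port >= MAX_AUTH_MACS_PER_PORT:
        return "blocked"                       # port already holds 16 MACs
    if target not in vlans:                    # target VLAN name not found
        return "original_vlan"
    return "target_vlan:" + target

def audit(local_db, vlans, planned_ports):
    """Flag entries and port plans that will not behave as intended."""
    findings = []
    if len(local_db) > MAX_LOCAL_ENTRIES:
        findings.append(f"local database: {len(local_db)} entries, limit is 1024")
    for mac, target in sorted(local_db.items()):
        if target not in vlans:
            findings.append(f"{mac}: VLAN {target!r} not found, port returns to original VLAN")
    for port, macs in sorted(planned_ports.items()):
        listed = {norm(m) for m in macs} & local_db.keys()
        if len(listed) > MAX_AUTH_MACS_PER_PORT:
            findings.append(f"port {port}: {len(listed)} listed MACs, only 16 can authenticate")
    return findings

if __name__ == "__main__":
    # Constructed sample data (not from the manual).
    db = build_db([("00-11-22-AA-BB-01", "staff"), ("00:11:22:aa:bb:02", "printers")])
    for f in audit(db, vlans={"default", "guest", "staff"}, planned_ports={1: ["0011.22aa.bb01"]}):
        print(f)
```

An entry whose target VLAN name is missing is worth catching before deployment, because the manual states the port then returns to its originating VLAN rather than being blocked.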

MAC Based Access Control Settings

The following window is used to set the parameters for the MAC-Based Access Control function on the Switch. Here
the user can set the running state, method of authentication, RADIUS password and view the Guest VLAN
configuration to be associated with the MAC-Based Access Control function of the Switch.

MAC Based Access Control Global Settings

To enable the MAC Based Access Control Global Settings on the switch, click Security > MAC Based Access
Control > MAC Based Access Control Settings.