Configuring Mac Authentication; User Account Policies; Authentication Approaches - HP A6600 Configuration Manual
Hide thumbs
Also See for A6600:
- Configuration manual (426 pages) ,
- Getting started (222 pages) ,
- Limited warranty (41 pages)
Table of Contents
Advertisement
Configuring MAC authentication
MAC authentication is available only on a SAP interface card in bridging mode.
MAC authentication controls network access by authenticating source MAC addresses on a port. It does
not require client software. A user does not need to enter a username and password for network access.
The device initiates a MAC authentication process when it detects an unknown source MAC address on
a MAC authentication enabled port. If the MAC address passes authentication, the user can access
authorized network resources. If the authentication fails, the device marks the MAC address as a silent
MAC address, drops the packet, and starts a quiet timer. The device drops all subsequent packets from
the MAC address within the quiet time. This quiet mechanism avoids repeated authentication during a
short time.
NOTE:
If the MAC address that has failed authentication is a static MAC address or a MAC address that has
passed any security authentication, the device does not mark it as a silent address.
User account policies
MAC authentication supports the following user account policies:
One MAC-based user account for each user. The access device uses the source MAC addresses in
•
packets as the usernames and passwords of users for MAC authentication. This policy is suitable
for an insure environment.
One shared user account for all users. You specify one username and password, which are not
•
necessarily a MAC address, for all MAC authentication users on the access device. This policy is
suitable for a secure environment.
Authentication approaches
Perform MAC authentication on the access device (local authentication) or through a RADIUS server.
Suppose a source MAC unknown packet arrives at a MAC authentication enabled port.
In the local authentication approach:
If MAC-based accounts are used, the access device uses the source MAC address of the packet as
•
the username and password to search its local account database for a match.
If a shared account is used, the access device uses the shared account username and password to
•
search its local account database for a match.
In the RADIUS authentication approach:
If MAC-based accounts are used, the access device sends the source MAC address as the
•
username and password to the RADIUS server for authentication.
If a shared account is used, the access device sends the shared account username and password to
•
the RADIUS server for authentication.
For more information about configuring local authentication and RADIUS authentication, see
"Configuring
AAA."
104
Advertisement
Table of Contents
Troubleshooting
