Configuring Mac Authentication; Overview; User Account Policies; Authentication Methods - HP FlexFabric 5700 Series Security Configuration Manual
Hide thumbs
Also See for FlexFabric 5700 Series:
- Configuration manual (185 pages) ,
- Configuration manual (132 pages) ,
- Configuration manual (63 pages)
Table of Contents
Advertisement
Configuring MAC authentication
Overview
MAC authentication controls network access by authenticating source MAC addresses on a port. The
feature does not require client software, and users do not have to enter a username and password for
network access. The device initiates a MAC authentication process when it detects an unknown source
MAC address on a MAC authentication-enabled port. If the MAC address passes authentication, the
user can access authorized network resources. If the authentication fails, the device marks the MAC
address as a silent MAC address, drops the packet, and starts a quiet timer. The device drops all
subsequent packets from the MAC address within the quiet time. The quiet mechanism avoids repeated
authentication during a short time.
NOTE:
If the MAC address that has failed authentication is a static MAC address or a MAC address that has
passed any security authentication, the device does not mark the MAC address as a silent address.
User account policies
MAC authentication supports the following user account policies:
One MAC-based user account for each user. The access device uses the source MAC addresses in
•
packets as the usernames and passwords of users for MAC authentication. This policy is suitable for
an insecure environment.
One shared user account for all users. You specify one username and password, which are not
•
necessarily a MAC address, for all MAC authentication users on the access device. This policy is
suitable for a secure environment.
Authentication methods
You can perform MAC authentication on the access device (local authentication) or through a RADIUS
server.
Local authentication:
MAC-based accounts—The access device uses the source MAC address of the packet as the
•
username and password to search the local account database for a match.
•
A shared account—The access device uses the shared account username and password to search
the local account database for a match.
RADIUS authentication:
•
MAC-based accounts—The access device sends the source MAC address of the packet as the
username and password to the RADIUS server for authentication.
A shared account—The access device sends the shared account username and password to the
•
RADIUS server for authentication.
101
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
