Table of Contents
Advertisement
Configuring MAC authentication
About MAC authentication
MAC authentication controls network access by authenticating source MAC addresses on a port.
The feature does not require client software, and users do not have to enter a username and
password for network access. The device initiates a MAC authentication process when it detects an
unknown source MAC address on a MAC authentication-enabled port. If the MAC address passes
authentication, the user can access authorized network resources. If the authentication fails, the
device marks the MAC address as a silent MAC address, drops the packet, and starts a quiet timer.
The device drops all subsequent packets from the MAC address within the quiet time. The quiet
mechanism avoids repeated authentication during a short time.
User account policies
MAC authentication supports the following user account policies:
•
One MAC-based user account for each user. As shown in
the source MAC addresses in packets as the usernames and passwords of users for MAC
authentication. This policy is suitable for an insecure environment.
•
One shared user account for all users. You specify one username and password, which are not
necessarily a MAC address, for all MAC authentication users on the access device. This policy
is suitable for a secure environment. See
Figure 67 MAC-based user account policy
Figure 68 Shared user account policy
Host
MAC: 1-1-1
Host
MAC: 2-2-2
Device
User account
Fixed account
Username/Password
Username:abc
(abc/123)
Password:123
211
Figure
Figure 68.
Local user account
abc
67, the access device uses
RADIUS user account
abc
RADIUS server
Advertisement
Table of Contents
Troubleshooting
