Table of Contents
Advertisement
Operation Manual – MAC Address Authentication
H3C S3100 Series Ethernet Switches
Chapter 1 MAC Authentication Configuration
1.1 MAC Authentication Overview
MAC authentication provides a way for authenticating users based on ports and MAC
addresses, without requiring any client software to be installed on the hosts. Once
detecting a new MAC address, it initiates the authentication process. During
authentication, the user does not need to enter username or password manually.
For S3100 Series Ethernet switches, MAC authentication can be implemented locally
or on a RADIUS server.
After determining the authentication method, users can select one of the following
types of user name as required:
MAC address mode, where the MAC address of a user serves as both the user
name and the password.
Fixed mode, where user names and passwords are configured on a switch in
advance. In this case, the user name, the password, and the limits on the total
number of user names are the matching criterion for successful authentication.
For details, refer to AAA of this manual for information about local user attributes.
1.1.1 Performing MAC Authentication on a RADIUS Server
When authentications are performed on a RADIUS server, the switch serves as a
RADIUS client and completes MAC authentication in combination of the RADIUS
server.
In MAC address mode, the switch sends the MAC addresses detected to the
RADIUS server as both the user names and passwords.
In fixed mode, the switch sends the user name and password previously
configured for the user to the RADIUS server for authentication.
A user can access a network upon passing the authentication performed by the
RADIUS server.
1.1.2 Performing MAC Authentication Locally
When authentications are performed locally, users are authenticated by switches. In
this case,
In MAC address mode, the local user name to be configured is the MAC address
of an access user. Hyphens must or must not be included depending on the format
configured with the mac-authentication authmode usernameasmacaddress
usernameformat command; otherwise, the authentication will fail.
Chapter 1 MAC Authentication Configuration
1-1
Advertisement
Chapters
Table of Contents
Troubleshooting
