Performing Mac Address Authentication On A Radius Server; Performing Mac Address Authentication Locally; Related Concepts; Mac Address Authentication Timers - H3C S5600 Series Operation Manual
Hide thumbs
Also See for H3C S5600 Series:
- Operation manual (1218 pages) ,
- Configuration (313 pages) ,
- Operation manual (1096 pages)
Table of Contents
Advertisement
Operation Manual – MAC Address Authentication
H3C S5600 Series Ethernet Switches
1.1.1 Performing MAC Address Authentication on a RADIUS Server
When authentications are performed on a RADIUS server, the switch serves as a
RADIUS client and completes MAC address authentication in combination of the
RADIUS server.
In MAC address mode, the switch sends the MAC addresses detected to the
RADIUS server as both the user names and passwords, or sends the MAC
addresses detected to the RADIUS server as the user names and uses the
configured fixed password as the password.
In fixed mode, the switch sends the user name and password previously
configured for the user to the RADIUS server for authentication.
A user can access a network upon passing the authentication performed by the
RADIUS server.
1.1.2 Performing MAC Address Authentication Locally
When authentications are performed locally, users are authenticated by switches. In
this case,
In MAC address mode, the local user name to be configured is the MAC address
of an access user, while the password may be the MAC address of the user or the
fixed password configured (which is used depends on your configuration).
Hyphens must or must not be included depending on the format configured with
the mac-authentication authmode usernameasmacaddress usernameformat
command; otherwise, the authentication will fail.
In fixed mode, all users' MAC addresses are automatically mapped to the
configured local passwords and usernames.
The service type of a local user needs to be configured as lan-access.
1.2 Related Concepts
1.2.1 MAC Address Authentication Timers
The following timers function in the process of MAC address authentication:
Offline detect timer: At this interval, the switch checks to see whether an online
user has gone offline. Once detecting that a user becomes offline, the switch
sends a stop-accounting notice to the RADIUS server.
Quiet timer: Whenever a user fails MAC address authentication, the switch does
not initiate any MAC address authentication of the user during a period defined by
this timer.
Server timeout timer: During authentication of a user, if the switch receives no
response from the RADIUS server in this period, it assumes that its connection to
the RADIUS server has timed out and forbids the user from accessing the
network.
Chapter 1 MAC Address Authentication
1-2
Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
