52
MAC Authentication
Overview
RADIUS-Based MAC
Authentication
MAC A
UTHENTICATION
C
ONFIGURATION
When configuring MAC authentication, go to these sections for information you
are interested in:
"MAC Authentication Overview" on page 739
■
"Related Concepts" on page 740
■
"Configuring MAC Authentication" on page 741
■
"Displaying and Maintaining MAC Authentication" on page 742
■
"MAC Authentication Configuration Examples" on page 742
■
"ACL Assigning Configuration Example" on page 745
■
MAC authentication provides a way for authenticating users based on ports and
MAC addresses, without requiring any client software to be installed on the hosts.
Once detecting a new MAC address, it initiates the authentication process without
requiring username or password.
Currently, the device supports two MAC authentication modes:
Remote Authentication Dial-In User Service (RADIUS) based MAC
■
authentication
Local MAC authentication
■
For detailed information about RADIUS authentication and local authentication,
refer to "Configuring RADIUS" on page 765.
After determining the authentication mode to be used, you can choose the type
of MAC authentication username, including:
MAC address, where the MAC address of a user serves as both the username
■
and password.
Fixed username, where all users use the same preconfigured username and
■
password for authentication, regardless of the MAC addresses.
In RADIUS-base MAC authentication, the device serves as a RADIUS client and
requires a RADIUS server to cooperate with it.
If the type of MAC authentication username is MAC address, the device
■
forwards a detected MAC address as the username and password to the
RADIUS server for authentication of the user.
If the type of MAC authentication username is fixed username, the device
■
sends the same username and password configured locally to the RADIUS
server for authentication of each user.