Table of Contents
Advertisement
Web and MAC Authentication
Overview
password, and grants or denies network access in the same way that it does
for clients capable of interactive logons. (The process does not use either a
client device configuration or a logon session.) MAC authentication is well-
suited for clients that are not capable of providing interactive logons, such as
telephones, printers, and wireless access points. Also, because most RADIUS
servers allow for authentication to depend on the source switch and port
through which the client connects to the network, you can use MAC-Auth to
"lock" a particular device to a specific switch and port.
N o t e
You can configure only one authentication type on a port. This means that
Web authentication, MAC authentication, 802.1X, MAC lockdown, MAC lock-
out, and port-security are mutually exclusive on a given port. Also, LACP must
be disabled on ports configured for any of these authentication methods.
Client Options
Web-Auth and MAC-Auth provide a port-based solution in which a port can
belong to one, untagged VLAN at a time. The switch allows 2 clients per port.
In the default configuration, the switch blocks access to clients that the
RADIUS server does not authenticate. However, you can configure an individ-
ual port to provide limited services to unauthorized clients by joining a
specified "unauthorized" VLAN during sessions with such clients. The unau-
thorized VLAN assignment can be the same for all ports, or different, depend-
ing on the services and access you plan to allow for unauthenticated clients.
Access to an optional, unauthorized VID is configured in the switch when Web
and MAC Authentication are configured on a port.
3-3
Hide quick links:
Advertisement
Table of Contents
