Web and MAC Authentication
Configure Web Authentication
Configure MAC Authentication
Display Web Authentication Status and Configuration
Display MAC Authentication Status and Configuration
Web and MAC Authentication are designed for employment on the "edge" of
a network to provide port-based security measures for protecting private
networks and the switch itself from unauthorized access. Because neither
method requires clients to run any special supplicant software, both are
suitable for legacy systems and temporary access situations where introduc-
ing supplicant software is not an attractive option. Both methods rely on using
a RADIUS server for authentication. This simplifies access security manage-
ment by allowing you to control access from a master database in a single
server. (You can use up to three RADIUS servers to provide backups in case
access to the primary server fails.) It also means the same credentials can be
used for authentication, regardless of which switch or switch port is the
current access point into the LAN.
Web Authentication (Web-Auth). This method uses a Web page login to
authenticate users for access to the network. When a user connects to the
switch and opens a Web browser the switch automatically presents a login
page. The user then enters a username and password, which the switch
forwards to a RADIUS server for authentication. After authentication, the
switch grants access to the secured network. Other than a Web browser, the
client needs no special supplicant software.
Client Web browsers may not use a proxy server to access the network.
MAC Authentication (MAC-Auth). This method grants access to a secure
network by authenticating devices for access to the network. When a device
connects to the switch, either by direct link or through the network, the switch
forwards the device's MAC address to the RADIUS server for authentication.
The RADIUS server uses the device MAC address as the username and