Mac Authentication Configuration; Mac Authentication Overview; Performing Mac Authentication On A Radius Server; Performing Mac Authentication Locally - H3C S3100 Series Operation Manual
H3c s3100 series ethernet switches operation manual
Hide thumbs
Also See for S3100 Series:
- Command manual (1244 pages) ,
- Installation manual (94 pages) ,
- Operation manual (32 pages)
Table of Contents
Advertisement
1
MAC Authentication Configuration
MAC Authentication Overview
MAC authentication provides a way for authenticating users based on ports and MAC addresses,
without requiring any client software to be installed on the hosts. Once detecting a new MAC address, it
initiates the authentication process. During authentication, the user does not need to enter username or
password manually.
For S3100 Series Ethernet switches, MAC authentication can be implemented locally or on a RADIUS
server.
After determining the authentication method, users can select one of the following types of user name
as required:
MAC address mode, where the MAC address of a user serves as both the user name and the
password.
Fixed mode, where user names and passwords are configured on a switch in advance. In this case,
the user name, the password, and the limits on the total number of user names are the matching
criterion for successful authentication. For details, refer to AAA of this manual for information about
local user attributes.
Performing MAC Authentication on a RADIUS Server
When authentications are performed on a RADIUS server, the switch serves as a RADIUS client and
completes MAC authentication in combination of the RADIUS server.
In MAC address mode, the switch sends the MAC addresses detected to the RADIUS server as
both the user names and passwords.
In fixed mode, the switch sends the user name and password previously configured for the user to
the RADIUS server for authentication.
The RADIUS authentication process is the same as that of the 802.1x PAP authentication method. For
details, refer to 802.1x and System-Guard Operation.
A user can access a network upon passing the authentication performed by the RADIUS server.
Performing MAC Authentication Locally
When authentications are performed locally, users are authenticated by switches. In this case,
In MAC address mode, the local user name to be configured is the MAC address of an access user.
Hyphens must or must not be included depending on the format configured with the
mac-authentication
otherwise, the authentication will fail.
In fixed mode, all users' MAC addresses are automatically mapped to the configured local
passwords and usernames.
The service type of a local user needs to be configured as lan-access.
authmode
usernameasmacaddress
1-1
usernameformat
command;
Advertisement
Chapters
Table of Contents
Troubleshooting
