Authentication Configuration; Centralized Mac Address Authentication Overview - Huawei Quidway S3900 Series Operation Manual
Hide thumbs
Also See for Quidway S3900 Series:
- Specifications (9 pages) ,
- Installation manual (95 pages) ,
- Command manual (1159 pages)
Table of Contents
Advertisement
Operation Manual -- Centralized MAC Address Authentication
Quidway S3900 Series Ethernet Switches-Release 1510
Chapter 1 Centralized MAC Address
Authentication Configuration
1.1 Centralized MAC Address Authentication Overview
Centralized MAC address authentication is port-/MAC address-based authentication
used to control user permissions to access a network. Centralized MAC address
authentication can be performed without client-side software. With this type of
authentication employed, a switch authenticates a user upon detecting the MAC
address of the user for the first time.
Centralized MAC address authentication can be implemented in the following two
modes:
MAC address mode, where user MAC servers as both the user name and the
password.
Fixed mode, where user names and passwords are configured on a switch in
advance. In this case, a user uses the previously configured user name and
password to log into a switch.
As for S3900 series Ethernet switches, authentication can be performed locally or on a
RADIUS server.
1)
When a RADIUS server is used for authentication, the switch serves as a RADIUS
client. Authentication is carried out through the cooperation of switches and the
RADIUS server.
In MAC address mode, a switch sends user MAC addresses detected to the
RADIUS server as both user names and passwords. The rest handling procedures
are the same as that of the common RADIUS authentication.
In fixed mode, a switch sends the user name and password previously configured
for the user to be authenticated to the RADIUS server and inserts the MAC
address of the user in the calling-station-id field of the RADIUS packet. The rest
handling procedures are the same as that of the common RADIUS authentication.
A user can access a network upon passing the authentication performed by the
DADIUS server.
2)
When authentications are performed locally, users are authenticated by switches.
In this case,
For MAC address mode, you can specify the format to enter the MAC addresses
used as both user name and password by executing corresponding commands.
That is, to specify whether or not MAC addresses are provided in the hyphened
form. The input format should be the same as the configured format, or else, the
authentication will fail.
Huawei Technologies Proprietary
1-1
Chapter 1 Centralized MAC Address
Authentication Configuration
- Quick Links:
- Switch Models
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
