52
MAC AUTHENTICATION
CONFIGURATION
When configuring MAC authentication, go to these sections for information you
are interested in:
■ “MAC Authentication Overview” on page 739
■ “Related Concepts” on page 740
■ “Configuring MAC Authentication” on page 741
■ “Displaying and Maintaining MAC Authentication” on page 742
■ “MAC Authentication Configuration Examples” on page 742
■ “ACL Assigning Configuration Example” on page 745
MAC Authentication
Overview
MAC authentication provides a way for authenticating users based on ports and
MAC addresses, without requiring any client software to be installed on the hosts.
Once detecting a new MAC address, it initiates the authentication process without
requiring username or password.
Currently, the device supports two MAC authentication modes:
■ Remote Authentication Dial-In User Service (RADIUS) based MAC
authentication
■ Local MAC authentication
For detailed information about RADIUS authentication and local authentication,
refer to “Configuring RADIUS” on page 765.
After determining the authentication mode to be used, you can choose the type
of MAC authentication username, including:
■ MAC address, where the MAC address of a user serves as both the username
and password.
■ Fixed username, where all users use the same preconfigured username and
password for authentication, regardless of the MAC addresses.
RADIUS-Based MAC
Authentication
In RADIUS-base MAC authentication, the device serves as a RADIUS client and
requires a RADIUS server to cooperate with it.
■ If the type of MAC authentication username is MAC address, the device
forwards a detected MAC address as the username and password to the
RADIUS server for authentication of the user.
■ If the type of MAC authentication username is fixed username, the device
sends the same username and password configured locally to the RADIUS
server for authentication of each user.
To Next Page
Loading...
