Configuring MAC authentication
Overview
MAC authentication controls network access by authenticating source MAC addresses on a port. The
feature does not require client software, and users do not have to enter a username and password for
network access. The device initiates a MAC authentication process when it detects an unknown source
MAC address on a MAC authentication-enabled port. If the MAC address passes authentication, the
user can access authorized network resources. If the authentication fails, the device marks the MAC
address as a silent MAC address, drops the packet, and starts a quiet timer. The device drops all
subsequent packets from the MAC address within the quiet time. The quiet mechanism prevents repeated
authentication within a short period.
NOTE:
If the MAC address that has failed authentication is a static MAC address or a MAC address that has
passed any security authentication, the device does not mark the MAC address as a silent address.
User account policies
MAC authentication supports the following user account policies:
• One MAC-based user account for each user. The access device uses the source MAC addresses in
packets as the usernames and passwords of users for MAC authentication. This policy is suitable for
an insecure environment.
• One shared user account for all users. You specify one username and password, which are not
necessarily a MAC address, for all MAC authentication users on the access device. This policy is
suitable for a secure environment.
Authentication methods
You can perform MAC authentication on the access device (local authentication) or through a RADIUS
server.
Local authentication:
• MAC-based accounts—The access device uses the source MAC address of the packet as the
username and password to search the local account database for a match.
• A shared account—The access device uses the shared account username and password to search
the local account database for a match.
RADIUS authentication:
• MAC-based accounts—The access device sends the source MAC address of the packet as the
username and password to the RADIUS server for authentication.
• A shared account—The access device sends the shared account username and password to the
RADIUS server for authentication.
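The following Python model is an added illustration, not vendor code or device configuration. It walks through the local-authentication decision described above: both user account policies, the quiet timer, and the exemption in the NOTE. The class name, result strings, MAC format, and the 60-second quiet time are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class MacAuthPort:
    """Simplified model of a MAC authentication-enabled port (local authentication)."""
    accounts: dict                                # local account database: username -> password
    shared: tuple = None                          # (username, password) under the shared-account policy
    quiet_time: float = 60.0                      # seconds; value assumed for this model
    exempt: set = field(default_factory=set)      # static MACs / MACs that passed other authentication
    online: set = field(default_factory=set)      # MACs that passed MAC authentication
    silent: dict = field(default_factory=dict)    # silent MAC -> time its quiet timer expires

    def _authenticate(self, mac):
        # MAC-based policy: the source MAC is both username and password.
        # Shared policy: the same credentials are looked up for every MAC,
        # so the MAC itself does not influence the result.
        user, pwd = self.shared or (mac, mac)
        return self.accounts.get(user) == pwd

    def handle_frame(self, mac, now):
        mac = mac.lower()
        if mac in self.online:
            return "forward"
        if self.silent.get(mac, 0) > now:
            return "drop-quiet"                   # no re-authentication within the quiet time
        self.silent.pop(mac, None)                # quiet timer expired (or was never set)
        if self._authenticate(mac):
            self.online.add(mac)
            return "forward"
        if mac in self.exempt:
            return "auth-failed"                  # per the NOTE: not marked as a silent address
        self.silent[mac] = now + self.quiet_time  # mark silent and start the quiet timer
        return "drop-silenced"

def demo():
    # Constructed sample data: one MAC-based account; the second MAC has no account.
    known, unknown = "00-11-22-33-44-55", "00-aa-bb-cc-dd-ee"
    port = MacAuthPort(accounts={known: known}, quiet_time=60)
    return [
        port.handle_frame(known, 0),     # passes authentication
        port.handle_frame(unknown, 0),   # fails, marked silent
        port.handle_frame(unknown, 30),  # dropped inside the quiet time
        port.handle_frame(unknown, 61),  # timer expired: authenticated again, fails again
    ]

if __name__ == "__main__":
    print(demo())
```

With `shared` set, the model authenticates any source MAC as long as the shared account exists in the database, which is why that policy is described as suitable only for a secure environment.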