22
MAC A
UTHENTICATION
C
ONFIGURATION
MAC Authentication
Overview
MAC authentication provides a way for authenticating users based on ports and
MAC addresses, without requiring any client software to be installed on the hosts.
Once detecting a new MAC address, it initiates the authentication process. During
authentication, the user does not need to enter username or password manually.
You can implement MAC authentication locally or on a RADIUS server.When
combined with RADIUS Authentication, this feature is referred to as RADIUS
Authenticated Device Access, or RADA.
After determining the authentication method, users can select one of the
following types of user name as required:
■
MAC address mode, where the MAC address of a user serves as both the user
name and the password.
■
Fixed mode, where user names and passwords are configured on a switch in
advance. In this case, the user name, the password, and the limits on the total
number of user names are the matching criterion for successful authentication.
For details, refer to
“AAA Configuration” on page 245
for information about
local user attributes.
Performing MAC
Authentication on a
RADIUS Server
When authentications are performed on a RADIUS server, the switch serves as a
RADIUS client and completes MAC authentication in combination of the RADIUS
server.
■
In MAC address mode, the switch sends the MAC addresses detected to the
RADIUS server as both the user names and passwords.
■
In fixed mode, the switch sends the user name and password previously
configured for the user to the RADIUS server for authentication.
A user can access a network upon passing the authentication performed by the
RADIUS server.
Performing MAC
Authentication Locally
When authentications are performed locally, users are authenticated by switches.
In this case,
■
In MAC address mode, the local user name to be configured is the MAC
address of an access user. Hyphens must or must not be included depending
on the format configured with the
mac-authentication authmode
usernameasmacaddress usernameformat
command; otherwise, the
authentication will fail.
■
In fixed mode, all users’ MAC addresses are automatically mapped to the
configured local passwords and usernames.
Summary of Contents for 4210 PWR
Page 22: ...20 CHAPTER 1 CLI CONFIGURATION...
Page 74: ...72 CHAPTER 3 CONFIGURATION FILE MANAGEMENT...
Page 84: ...82 CHAPTER 5 VLAN CONFIGURATION...
Page 96: ...94 CHAPTER 8 IP PERFORMANCE CONFIGURATION...
Page 108: ...106 CHAPTER 9 PORT BASIC CONFIGURATION...
Page 122: ...120 CHAPTER 11 PORT ISOLATION CONFIGURATION...
Page 140: ...138 CHAPTER 13 MAC ADDRESS TABLE MANAGEMENT...
Page 234: ...232 CHAPTER 17 802 1X CONFIGURATION...
Page 246: ...244 CHAPTER 20 AAA OVERVIEW...
Page 270: ...268 CHAPTER 21 AAA CONFIGURATION...
Page 292: ...290 CHAPTER 26 DHCP BOOTP CLIENT CONFIGURATION...
Page 318: ...316 CHAPTER 29 MIRRORING CONFIGURATION...
Page 340: ...338 CHAPTER 30 CLUSTER...
Page 362: ...360 CHAPTER 33 SNMP CONFIGURATION...
Page 368: ...366 CHAPTER 34 RMON CONFIGURATION...
Page 450: ...448 CHAPTER 39 TFTP CONFIGURATION...
Page 451: ......
Page 452: ...450 CHAPTER 39 TFTP CONFIGURATION...
Page 470: ...468 CHAPTER 40 INFORMATION CENTER...
Page 496: ...494 CHAPTER 44 DEVICE MANAGEMENT...