DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
180
Figure 5 - 43 RADIUS Accounting Settings window
MAC-based Access Control
MAC-based Access Control is a method to authenticate and authorize access using either a port or host. For port-
based MAC, the method decides port access rights, while for host-based MAC, the method determines the MAC
access rights.
A MAC user must be authenticated before being granted access to a network. Both local authentication and remote
RADIUS server authentication methods are supported. In MAC-based Access Control, MAC user information in a local
database or a RADIUS server database is searched for authentication. Following the authentication result, users
achieve different levels of authorization.
Notes About MAC-based Access Control
There are certain limitations and regulations regarding the MAC-based Access Control:
1. Once this feature is enabled for a port, the Switch will clear the FDB of that port.
2. If a port is granted clearance for a MAC address in a VLAN that is not a Guest VLAN, other MAC addresses on
that port must be authenticated for access and otherwise will be blocked by the switch.
3. A port accepts a maximum of sixteen authenticated MAC addresses per physical port of a VLAN that is not a
Guest VLAN. Other MAC addresses attempting authentication on a port with the maximum number of
authenticated MAC addresses will be blocked.
4. Ports that have been enabled for Link Aggregation, stacking, 802.1X authentication, 802.1X Guest VLAN, Port
Security, GVRP or Web-based authentication cannot be enabled for the MAC-based Authentication.
MAC-based Access Control Settings
The following window is used to set the parameters for the MAC-based Access Control function on the Switch. Here
the user can set the running state, method of authentication, RADIUS password and view the Guest VLAN
configuration to be associated with the MAC-based Access Control function of the Switch.MAC-based Access Control
Global Settings
To view this window, click
Security > MAC-based Access Control > MAC-based Access Control Settings
as
shown below: