Operation Manual – 802.1x-HABP-MAC Authentication
H3C S5500-EI Series Ethernet Switches
Chapter 4 MAC Authentication Configuration
4-3
Caution:
If the quiet MAC is the same as the static MAC configured or an authentication-passed
MAC, then the quiet function is not effective.
4.2.3 VLAN Assigning
For separation of users from restricted network resources, a more general way is to put
the users and restricted resources into different VLANs. After a user passes identity
authentication, the authorization server assigns the VLAN where the restricted
resources reside as an authorized VLAN and the port to which the user is connected
will become a member of the authorized VLAN. As a result, the user can access those
restricted network resources.
4.2.4 ACL Assigning
ACLs assigned by an authorization server are referred to as authorization ACLs, which
are designed to control access to network resources with a very fine granularity. When
a user logs in, if the RADIUS server is configured with authorization ACLs, the device
will permit or deny data flows traversing through the port through which the user
accesses the device according to the authorization ACLs assigned by the RADIUS
server. You can change access rights of users by modifying authorization ACL settings
on the RADIUS server.
4.3 Configuring MAC Authentication
4.3.1 Configuration Prerequisites
z
Create and configure an ISP domain.
z
For local authentication, create the local users and configure the passwords.
z
For RADIUS authentication, ensure that a route is available between the device
and the RADIUS server.