Centralized MAC Address Authentication 405
6Set the encryption key when the system exchanges packets with the authentication
RADIUS server.
[SW5500-radius-radius1]key authentication name
7Set the encryption key when the system exchanges packets with the accounting
RADIUS server.
[SW5500-radius-radius1]key accounting money
8Set the timeouts and times for the system to retransmit packets to the RADIUS server.
[SW5500-radius-radius1]timer 5
[SW5500-radius-radius1]retry 5
9Set the interval for the system to transmit real-time accounting packets to the RADIUS
server.
[SW5500-radius-radius1]timer realtime-accounting 15
10 Configure the system to transmit the user name to the RADIUS server after removing
the domain name.
[SW5500-radius-radius1]user-name-format without-domain
[SW5500-radius-radius1]quit
11 Create the user domain 3com163.net and enters isp configuration mode.
[SW5500]domain 3com163.net
12 Specify radius1 as the RADIUS scheme for the users in the domain 3com163.net.
[SW5500-isp-3com163.net]scheme radius-scheme radius1 local
13 Set a limit of 30 users to the domain 3com163.net.
[SW5500-isp-3com163.net]access-limit enable 30
14 Enable idle cut function for the user and set the idle cut parameter in the domain
3com163.net.
[SW5500-isp-3com163.net]idle-cut enable 20 2000
15 Add a local user and sets its parameter.
[SW5500]local-user localuser
[SW5500-luser-localuser]service-type lan-access
[SW5500-luser-localuser]password simple localpass
16 Enable the 802.1x globally.
[SW5500]dot1x
Centralized MAC
Address
Authentication
Centralized MAC address authentication is a type of authentication method that
controls the user network access rights using the port and MAC address. It requires
no client software for the user and uses the user‘s MAC address as the user name and
password. The authentication to the user initiates after the Switch detects the user’s
MAC address for the first time.
The Switch 5500-EI supports local and RADIUS MAC address authentication. When it
functions as the RADIUS client and works with the RADIUS server to finish the MAC
address authentication, it sends the detected user MAC address used as the user
name and password to the RADIUS server and the rest processing is the same to
802.1x. After passing the authentication conducted by the RADIUS server, the user
then can access the network.