Concepts and Terminology | 17 |
The two forms of RADIUS authentication supported by 3Com Network Access Manager are:
■
■IEEE 802.1X authentication, also known as dot1X, 802.1X and Network Login.
MAC-address based Authentication
3Com Network Access Manager relies on the RADIUS server to perform
When 3Com Network Access Manager receives an authentication request to the MAC authentication user name, it also authenticates the MAC address of the computer against the 3Com Network Access Manager rules to determine the authentication outcome, as follows:
1Look up the MAC address against all Computers configured, to find all associated rules.
2If rules are found, select the highest priority rule.
3If no rules are found, select the Default Rule.
4Return the authentication result from the selected rule.
IEEE 802.1X Authentication
When a switch performs IEEE 802.1X authentication, the process is similar to the
1Look up the IEEE 802.1X username against all Users configured, to find all associated rules.
2Look up the MAC address against all Computers configured, to find all associated rules.
3If rules are found, select the highest priority rule.
4If no rules are found, select the Default Rule.
5Return the authentication result from the selected rule.
Checking the MAC address ensures that network policies such as blocked hosts can be maintained, regardless of edge port security mode.