Concepts and Terminology


The two forms of RADIUS authentication supported by 3Com Network Access Manager are:

MAC-address based authentication, for example RADA (RADIUS Authenticated Device Access).

IEEE 802.1X authentication, also known as dot1X, 802.1X and Network Login.

MAC-address based Authentication

3Com Network Access Manager relies on the RADIUS server to perform MAC-address based authentication through a single authentication user name (as opposed to using the MAC address as the user name).

When 3Com Network Access Manager receives an authentication request for the MAC authentication user name, it also checks the MAC address of the computer against the 3Com Network Access Manager rules to determine the authentication outcome, as follows:

1. Look up the MAC address against all Computers configured, to find all associated rules.

2. If rules are found, select the highest priority rule.

3. If no rules are found, select the Default Rule.

4. Return the authentication result from the selected rule.

IEEE 802.1X Authentication

When a switch performs IEEE 802.1X authentication, the process is similar to MAC-address based authentication, but 3Com Network Access Manager also checks the requested user, as follows:

1. Look up the IEEE 802.1X username against all Users configured, to find all associated rules.

2. Look up the MAC address against all Computers configured, to find all associated rules.

3. If rules are found, select the highest priority rule.

4. If no rules are found, select the Default Rule.

5. Return the authentication result from the selected rule.

Checking the MAC address ensures that network policies such as blocked hosts can be maintained, regardless of edge port security mode.
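
The two rule-selection procedures above, sketched as an added example (this is not 3Com code). The data model, the rule names, the sample MAC addresses and user, the convention that 1 is the highest priority, and the Default Rule's "deny" outcome are all assumptions made for illustration.

```python
# Added illustration, not 3Com code. Data model, names and values are assumptions.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # assumption: 1 is the highest priority
    result: str     # constructed outcomes: "deny" or "vlan:<id>"

DEFAULT_RULE = Rule("Default Rule", 10**6, "deny")  # outcome is an assumption

def norm_mac(mac: str) -> str:
    """Accept 02-00-.., 02:00:.. or 0200.0000.. and return 12 lowercase hex digits."""
    digits = mac.lower().translate(str.maketrans("", "", "-:."))
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

# Constructed policy: one blocked host, one printer, one 802.1X user.
COMPUTERS = {
    norm_mac("02-00-00-00-00-01"): [Rule("Blocked hosts", 1, "deny")],
    norm_mac("02-00-00-00-00-02"): [Rule("Printers", 5, "vlan:30")],
}
USERS = {"alice": [Rule("Staff", 3, "vlan:10")]}

def select_rule(mac: str, username: Optional[str] = None) -> Rule:
    """username=None models MAC-address based authentication, otherwise 802.1X."""
    rules = []
    if username is not None:                      # 802.1X step 1: rules for the user
        rules += USERS.get(username, [])
    rules += COMPUTERS.get(norm_mac(mac), [])     # rules for the computer
    if not rules:                                 # nothing matched: Default Rule
        return DEFAULT_RULE
    return min(rules, key=lambda r: r.priority)   # highest priority rule wins

def authenticate(mac: str, username: Optional[str] = None) -> str:
    return select_rule(mac, username).result

if __name__ == "__main__":
    for mac, user in [("02:00:00:00:00:01", None), ("0200.0000.0001", "alice"),
                      ("02:00:00:00:00:02", "alice"), ("02:00:00:00:00:99", "bob")]:
        print(mac, user, "->", select_rule(mac, user).name, authenticate(mac, user))
```

In this sketch the blocked host stays denied under 802.1X only because its computer rule outranks the user's rule, so a deny rule for blocked hosts needs a higher priority than any user rule that could match.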

3Com DUA1550-0AAA02 manual: MAC-address based Authentication, IEEE 802.1X Authentication