1 MAC Authentication Configuration

The sample output information in this manual was created on the WX3024. The output information on your device may vary.

MAC Authentication Overview

MAC authentication provides a way for authenticating users based on ports and MAC addresses, without requiring any client software to be installed on the hosts. Once detecting a new MAC address, it initiates the authentication process. During authentication, the user does not need to enter username or password manually.

The device implements MAC authentication locally or on a RADIUS server.

After determining the authentication method, users can select one of the following types of username as required:

z

z

MAC address mode, where the MAC address of a user serves as both the username and the password.

Fixed mode, where usernames and passwords are configured on the device in advance. In this case, the username, the password, and the limits on the total number of usernames are the matching criterion for successful authentication. For details, refer to AAA of this manual for information about local user attributes.

Performing MAC Authentication on a RADIUS Server

In RADIUS-based MAC authentication, the device serves as a RADIUS client and completes MAC authentication in combination of the RADIUS server.

z

z

If the type of username is MAC address, the device sends a detected MAC address to the RADIUS server as both the username and password for authentication of the user.

If the type of username is fixed username, the device sends the same username and password previously configured on the device to the RADIUS server for authentication of each user.

A user can access a network upon passing the authentication performed by the RADIUS server.

Performing MAC Authentication Locally

In local MAC authentication, the device performs authentication for users locally and different items need to be manually configured for users on the device according to the specified type of username:

zIf the username type is MAC address, a local user must be configured for each user on the device, using the MAC address of the accessing user as the username. Hyphens must or must not be

1-1

Page 294
Image 294
3Com WX3000 MAC Authentication Configuration, MAC Authentication Overview, Performing MAC Authentication Locally