Configuring MAC authentication
Overview
MAC authentication controls network access by authenticating source MAC addresses on a port. It does not require client software. A user does not need to enter a username and password for network access. The device initiates a MAC authentication process when it detects an unknown source MAC address on a MAC authentication enabled port. If the MAC address passes authentication, the user can access authorized network resources. If the authentication fails, the device marks the MAC address as a silent MAC address, drops the packet, and starts a quiet timer. The device drops all subsequent packets from the MAC address within the quiet time. This quiet mechanism avoids repeated authentication during a short time.
If the MAC address that has failed authentication is a static MAC address or a MAC address that has passed any security authentication, the device does not mark the MAC address as a silent address.
User account policies
MAC authentication supports the following user account policies:
•One
•One shared user account for all
Authentication methods
You can perform MAC authentication on the access device (local authentication) or through a RADIUS server.
Local authentication:
•If you configure
•If you configure a shared account, the access device uses the shared account username and password to search its local account database for a match.
RADIUS authentication:
•If you configure
•If you configure a shared account, the access device sends the shared account username and password to the RADIUS server for authentication.
404