3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

201

202

203

204

205

206

207

208

209

210

CENTRALIZED MAC ADDRESS

AUTHENTICATION CONFIGURATION

Centralized MAC

Address

Authentication

Overview

Centralized MAC address authentication is port-/MAC address-based authentication

used to control user permissions to access a network. Centralized MAC address

authentication can be performed without client-side software. With this type of

authentication employed, a switch authenticates a user upon detecting the MAC

address of the user for the first time.

Centralized MAC address authentication can be implemented in the following two

modes:

■ MAC address mode, where user MAC servers as both user name and password.

■ Fixed mode, where user names and passwords are configured on the switch in

advance. In this case, a user uses the previously configured user name and

password to log into the switch.

As for S4200G series Ethernet switches, authentication can be performed locally or

on a RADIUS server.

1 When a RADIUS server is used for authentication, the switch serves as a RADIUS

client. Authentication is carried out through the cooperation of switches and the

RADIUS server.

■ In MAC address mode, a switch sends user MAC addresses detected to the

RADIUS serve as both user names and passwords. The rest handling procedures

are the same as that of 802.1x.

■ In fixed mode, a switch sends the user name and password previously configured

for the user to be authenticated to the RADIUS server and inserts the MAC address

of the user in the calling-station-id field of the RADIUS packet. The rest handling

procedures are the same as that of 802.1x.

■ A host can access a network if it passes the authentication performed by the

RADIUS server.

2 When authentications are performed locally, users are authenticated by switches. In

this case,

■ For MAC address mode, the MAC addresses configured to be both user names

and passwords need to be in the format of HH-HH-HH, for example,

00-e0-fc-00-01-01.

■ For fixed mode, configure the user names and passwords as that for fixed mode.

■ The service type of a local user needs to be configured as lan-access.

Centralized MAC

Address

Authentication

Configuration

The following sections describe centralized MAC address authentication

configuration tasks:

■ Enabling Centralized MAC Address Authentication Globally and for a Port

■ Configuring Centralized MAC Address Authentication Mode

■ Configuring a User Name and Password to be used in Fixed Mode