3Com Switch 7750 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

231

232

233

234

235

236

237

238

239

240

CENTRALIZED MAC ADDRESS

UTHENTICATION CONFIGURATION

Currently, 3C16860, 3C16861, LS81FS24A, 3C16859, and 3C16858 I/O Modules

of 3Com Switch 7750 Ethernet switches do not support the centralized MAC

address authentication.

Centralized MAC

Address

Authentication

Overview

Centralized MAC address authentication is port- and MAC address-based

authentication used to control user permissions to access a network. Centralized

MAC address authentication can be performed without client-side software. With

this type of authentication employed, a switch authenticates a user upon

detecting the MAC address of the user for the first time.

Centralized MAC address authentication can be implemented in the following two

modes:

■ MAC address mode, where user MAC serves as both the user name and the

password.

■ Fixed mode, where user names and passwords are configured on a switch in

advance.

As for Switch 7750 Ethernet switches, authentication can be performed locally or

through a RADIUS server.

1 When a RADIUS server is used for authentication, the switch serves as a RADIUS

client. Authentication is carried out through the cooperation of switches and the

RADIUS server.

■ In MAC address mode, a switch sends user MAC addresses detected to the

RADIUS server as both user names and passwords. The rest handling

procedures are the same as that of the common RADIUS authentication.

■ In fixed mode, a switch sends the user name and password previously

configured for the user to be authenticated to the RADIUS server and replaces

the calling-station-id field of the RADIUS packet with the MAC address of the

user. The rest handling procedures are the same as that of the common

RADIUS authentication.

■ A user can access a network upon passing the authentication performed by the

RADIUS server.

2 When authentications are performed locally, users are authenticated by switches.

In this case,

■ For fixed mode, configure the local user names and passwords as those for

fixed mode.

■ The service type of a local user needs to be configured as lan-access.