H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – 802.1x - MAC Authentication
H3C S7500E Series Ethernet Switches Chapter 3 MAC Authentication Configuration
3-1
Chapter 3 MAC Authentication Configuration
When configuring MAC authentication, go to these sections for information you are
interested in:
z MAC Authentication Overview
z Related Concepts
z Configuring MAC Authentication
z Displaying and Maintaining MAC Authentication
z MAC Authentication Configuration Examples
z ACL Assigning Configuration Example
3.1 MAC Authentication Overview
MAC authentication provides a way for authenticating users based on ports and MAC
addresses, without requiring any client software to be installed on the hosts. Once
detecting a new MAC address, it initiates the authentication process without requiring
username or password.
Currently, the device supports two MAC authentication modes:
z Remote Authentication Dial-In User Service (RADIUS) based MAC authentication
z Local MAC authentication
For detailed information about RADIUS authentication and local authentication, refer to
AAA RADIUS HWTACACS Configuration.
After determining the authentication mode to be used, you can choose the type of MAC
authentication username, including:
z MAC address, where the MAC address of a user serves as both the username and
password.
z Fixed username, where all users use the same preconfigured username and
password for authentication, regardless of the MAC addresses.
3.1.1 RADIUS-Based MAC Authentication
In RADIUS-base MAC authentication, the device serves as a RADIUS client and
requires a RADIUS server to cooperate with it.
z If the type of MAC authentication username is MAC address, the device forwards
a detected MAC address as the username and password to the RADIUS server for
authentication of the user.
z If the type of MAC authentication username is fixed username, the device sends
the same username and password configured locally to the RADIUS server for
authentication of each user.