3Com Switch 8800 Advanced Software V5 Configuration Guide

75 MAC AUTHENTICATION CONFIGURATION
When configuring MAC authentication, go to these sections for information you
are interested in:
- “MAC Authentication Overview”
- “Related Concepts”
- “Configuring MAC Authentication”
- “Displaying and Maintaining MAC Authentication”
- “MAC Authentication Configuration Example”
MAC Authentication Overview
MAC authentication authenticates users based on ports and MAC addresses,
without requiring any client software to be installed on the hosts.
It uses the MAC address of the user’s access device as both the
authentication user name and the password. When the device detects a new
MAC address, it initiates the authentication process.
MAC authentication can be performed on a RADIUS (Remote Authentication Dial-In
User Service) server or locally:
- In RADIUS authentication, the device serves as a RADIUS client. It forwards
  the detected user MAC address as the user name and password to the RADIUS
  server for authentication. If the authentication succeeds, the user is allowed to
  access the network resources.
- In local authentication, the user MAC address must be manually configured on
  the device as the user name and password.
Note: For details about RADIUS and local authentication, refer to “AAA, RADIUS and
HWTACACS Configuration” on page 879.
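The RADIUS case described above, as an added Python model that is not taken from the 3Com guide or the switch software: the device side builds an Access-Request in which the MAC is both User-Name and User-Password (hidden per RFC 2865 section 5.2), and the server side accepts it only for a known MAC. The hyphenated lowercase MAC format, the shared secret and all function names are assumptions, and the sample values are constructed.

```python
import hashlib, struct

SAMPLE_MAC = "00-00-5e-00-53-01"           # constructed sample; format is an assumption
SAMPLE_SECRET = b"example-shared-secret"   # constructed sample shared secret

def _xor16(block: bytes, secret: bytes, prev: bytes) -> bytes:
    mask = hashlib.md5(secret + prev).digest()
    return bytes(b ^ m for b, m in zip(block, mask))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, chained per 16-byte block."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor16(padded[i:i + 16], secret, prev)
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor16(hidden[i:i + 16], secret, prev)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(mac: str, secret: bytes, ident: int, authenticator: bytes) -> bytes:
    """Device side: the detected MAC is sent as User-Name (1) and User-Password (2)."""
    user = mac.encode()
    hidden = hide_password(user, secret, authenticator)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in ((1, user), (2, hidden)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def server_accepts(packet: bytes, secret: bytes, known_macs: set) -> bool:
    """Server side: accept only a known MAC whose recovered password equals it."""
    length = len(packet)
    if length < 20 or packet[0] != 1 or struct.unpack("!H", packet[2:4])[0] != length:
        return False
    authenticator, pos, found = packet[4:20], 20, {}
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return False
        found[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    if 1 not in found or 2 not in found:
        return False
    user = found[1].decode("ascii", "replace")
    return user in known_macs and unhide_password(found[2], secret, authenticator) == found[1]
```

The User-Name attribute carries the MAC in clear, and the hidden password decodes to the same value, so the accept decision rests on the server's list of known MACs and on the shared secret matching.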
Related Concepts
MAC Authentication Timers
The following timers are used during MAC authentication:
- Offline detect timer: At this interval, the device checks whether an online
  user has gone offline. When it detects that a user has gone offline, the device
  sends a stop-accounting notice to the RADIUS server.
- Quiet timer: After a user fails MAC authentication, the device does not
  initiate MAC authentication for that user during this period.
- Server timeout timer: During authentication of a user, if the device receives no
  response from the RADIUS server in this period, it assumes that its connection