No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA,NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense;Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MAC Address Authentication

MAC Address Authentication

Overview

MAC address authentication controls a user's network access permission based on the user's interface and MAC address. The user does not need to install any client software. After detecting the user's MAC address for the first time on an interface where MAC address authentication is running, the device begins authenticating the user. During the authentication, the user does not need to enter a user name or password.

Based on different user name formats and content that the access device uses to authenticate users, user name formats used in MAC authentication can be classified into the following types:
  • MAC address: The device uses a user's MAC address as the user name for authentication. The device can also use the MAC address or a user-defined character string as the user password.
  • Fixed user name: Regardless of users' MAC addresses, all users use a fixed name and password designated on the access device for authentication. As multiple users can be authenticated on the same interface, all users requiring MAC address authentication on the interface use the same fixed user name. The server only needs to configure one user account to meet the authentication demands of all users. This applies to a network environment with reliable clients.
  • DHCP option: The device replaces a user's MAC address with the obtained user DHCP option and a fixed password as identity information for authentication. In this mode, the device must support MAC authentication triggering through DHCP packets.

Guest VLAN

When the guest VLAN function is enabled, if the user does not respond to the MAC address authentication request, the device adds the interface where the user resides into the guest VLAN, so that the user can access resources in the guest VLAN. In this manner, the user can access some network resources without being authenticated.

User Group Authorization

The device can authorize users based on the user group. After users are authenticated, the authentication server groups users together. Each user group is bound to an ACL so that users in the same user group share an ACL.

Translation
Download
Updated: 2019-05-25

Document ID: EDOC1000097287

Views: 13745

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next