No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MAC Address Authentication

MAC Address Authentication


MAC address authentication controls a user's network access rights based on the user's interface and MAC address. The user does not need to install any client software. The device starts authenticating a user when detecting the user's MAC address for the first time on the interface where MAC address authentication has been enabled. During the authentication process, the user does not need to enter a user name or password.

User Name Format

Based on different user name formats and content that the access device uses to authenticate users, user name formats used in MAC authentication can be classified into the following types:
  • MAC address: The device uses a user's MAC address as the user name for authentication. The device can also use the MAC address or a user-defined character string as the user password. This applies to scenarios where a few clients (such as printers) are deployed and MAC addresses are easy to obtain.
  • Fixed user name: Regardless of users' MAC addresses, all users use a fixed name and password designated on the access device for authentication. As multiple users can be authenticated on the same interface, all users requiring MAC address authentication on the interface use the same fixed user name. The server only needs to configure one user account to meet the authentication demands of all users. This applies to a network environment with reliable clients.
  • DHCP option: The device replaces a user's MAC address with the obtained user DHCP option and a fixed password as identity information for authentication. In this mode, the device must support MAC authentication triggering through DHCP packets.

Authentication Process

Figure 4-5 shows the MAC authentication process.

Figure 4-5  MAC address authentication process
  1. Before authentication, a pre-connection is established between the client and device.
  2. The device triggers MAC address authentication for a user when detecting any ARP/DHCP/ND/DHCPv6 packet sent by the user.
  3. Based on the configuration, the device sends the user name and password to the authentication server for authentication.
  4. The authentication server verifies the received user name and password. If the verification succeeds, the server sends an authentication success packet to the device. After receiving the authentication success packet, the device changes the interface status to authorized and allows the user to access the network through the interface.
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 124415

Downloads: 59

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next