No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Combined Authentication

Configuring Combined Authentication


On a network with diversified clients, different clients support different access authentication modes. Some clients (such as printers) support only MAC address authentication. Some hosts support 802.1X authentication because they have 802.1X client software installed. Some hosts require Portal authentication using web browsers. If all the preceding authentication modes are used on a network, they all must be configured on user access interfaces so that users can use a proper authentication mode to connect to the network.

If MAC address authentication and Portal authentication are configured simultaneously on a VLANIF interface, a user is authorized in the following way:
  1. MAC address authentication is performed first. If the user passes MAC address authentication, the user is granted the network access rights for MAC address authentication users.
  2. If Portal authentication is triggered and succeeds after a successful MAC address authentication, the user is granted the network access rights for Portal authentication users. If Portal access is terminated by the user or the device, the user's network access rights are restored to those for MAC address authentication users.

    If Portal authentication is performed for a user after a successful MAC address authentication, the user is not redirected to the authentication page and needs to enter the authentication page address.

    If MAC address-prioritized Portal authentication is used, a malicious user may use a bogus MAC address to access the network after an authorized user passes Portal authentication.


Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 131686

Downloads: 64

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next