No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MAC Address Authentication

MAC Address Authentication

Overview

MAC address authentication controls a user's network access rights based on the user's interface and MAC address. The user does not need to install any client software. The device starts authenticating a user when detecting the user's MAC address for the first time on the interface where MAC address authentication has been enabled. During the authentication process, the user does not need to enter a user name or password.

User Name Format

Based on different user name formats and content that the access device uses to authenticate users, user name formats used in MAC authentication can be classified into the following types:
  • MAC address: The device uses a user's MAC address as the user name for authentication. The device can also use the MAC address or a user-defined character string as the user password.
  • Fixed user name: Regardless of users' MAC addresses, all users use a fixed name and password designated on the access device for authentication. As multiple users can be authenticated on the same interface, all users requiring MAC address authentication on the interface use the same fixed user name. The server only needs to configure one user account to meet the authentication demands of all users. This applies to a network environment with reliable clients.
  • DHCP option: The device replaces a user's MAC address with the obtained user DHCP option and a fixed password as identity information for authentication. In this mode, the device must support MAC authentication triggering through DHCP packets.

Authentication Process

Figure 3-5 shows the MAC authentication process.

Figure 3-5  MAC address authentication process
  1. The device triggers MAC address authentication for a user when detecting any ARP/DHCP/ND/DHCPv6 packet sent by the user.
  2. Based on the configuration, the device sends the user name and password to the authentication server for authentication.
  3. The authentication server verifies the received user name and password. If the verification succeeds, the server sends an authentication success packet to the device. After receiving the authentication success packet, the device changes the interface status to authorized and allows the user to access the network through the interface.
Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034077

Views: 112392

Downloads: 206

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next