Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
802.1x and MAC Address Mi...

802.1x and MAC Address Mixed Authentication mode: 802.1x is first

Latest reply: Dec 21, 2018 09:27:19 1819 6 10 0 0
View the author 1#

In NAC network deployment, 802.1x authentication and MAC address authentication can be deployed on interfaces of access users to flexibly adapt to various authentication requirements. In this manner, users can access the network in any authentication mode.


After multiple authentication modes are deployed, the device allows users to access the network in different modes by default to grant different network rights to users.


In this example, MAC address authentication is performed. If the authentication fails, 802.1X authentication is performed.


Picture1-1 Two authentication networking modes

202803sn5j8jmvmmnnn2fr.png

The unified mode is used.

Configuration file

#
authentication-profile name p1
dot1x-access-profile d1
mac-access-profile m1

authentication dot1x-mac-bypass  //  After MAC address bypass authentication is enabled in an authentication profile, the user who uses the authentication profile performs 802.1X authentication first. If the authentication fails, the device starts the MAC address authentication process for the user.
#
domain isp
#
radius-server template rd1
radius-server shared-key cipher %#%#FP@&C(&{$F2HTlPxg^NLS~KqA/\^3Fex;T@Q9A](%#%#
radius-server authentication 192.168.100.100 1812 weight 80
radius-server accounting 192.168.100.100 1813 weight 80
#
dot1x-access-profile name d1
#
mac-access-profile name m1
#
aaa
authentication-scheme abc
  authentication-mode radius
accounting-scheme acco1
  accounting-mode radius
  accounting realtime 15
domain isp
  authentication-scheme abc
  accounting-scheme acco1
  radius-server rd1
#
interface GigabitEthernet1/0/1
 authentication-profile p1
#


Like (10) Dislike (0) Favorite(0) Share Report
Previous: [Case Share] How to reduce the time outage on an OSPF network
Next: [Case share] Mac address flapping in roming networks
(0) (0)
2#
sim_157
Created Dec 18, 2018 03:22:51

so when configured with 802.1x and mac address authentication, you said the device will check the 802.1x first, if I passed the 802.1x checking, does it mean that I can get through the device without the mac address checking ?
View more
  • x
  • convention:
(0) (0)
3#
Finn92
Created Dec 18, 2018 06:59:58

After MAC address bypass authentication is enabled in an authentication profile, the user who uses the authentication profile performs 802.1X authentication first. If the authentication fails, the device starts the MAC address authentication process for the user.
thank you author , now i'm understand the function about MAC address bypass authentication .
View more
  • x
  • convention:
(0) (0)
4#
4am
Created Dec 19, 2018 08:54:35

Posted by sim_157 at 2018-12-18 03:22 so when configured with 802.1x and mac address authentication, you said the device will check the 80 ...
I think it's right, isn't it?
View more
  • x
  • convention:
(0) (0)
5#
yiyi0519
Created Dec 19, 2018 09:00:00

if the device not support the 802.1x, can it use the mac address to authenticate ?
View more
  • x
  • convention:
(0) (0)
6#
Hain
Created Dec 21, 2018 06:45:07

I come to the forum to see technical posts every day, sooner or later I will become an expert802.1x and MAC Address Mixed Authentication mode: 802.1x is first-2825699-1.
View more
  • x
  • convention:
(0) (0)
7#
user_2915719
Created Dec 21, 2018 09:27:19

How will the device which kind of authentication method to use? That's my question.
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.