Got it
Enterprise
Community Forums Switches
MAC + 802.1x authenticati...

MAC + 802.1x authentication for wired user(MAC first)

Latest reply: Dec 29, 2018 06:07:57 334 5 9 0
display all floors #1

202945qzdvwxvxsegfskx1.png

1. User message trigger authentication 2. Switch send Mac to server for authentication, MAC authentication failed, trigger 802.1X certification 3. User enters user password for authentication


configuration example;


radius-server template controller_12.36
 radius-server shared-key cipher %^%#}gu$V!77QTf_=E.XK49#cLg'Smo}T!v8mIBwkKz0%^%#
 radius-server authentication 12.12.12.36 1812 weight 80
#
aaa
 authentication-scheme radius
  authentication-mode radius
 domain radius
  authentication-scheme radius
  radius-server controller_12.36
#

#
mac-access-profile name mac_access_profile
#
dot1x-access-profile name dot1x_access_profile
#
authentication-profile name mac_dot1x
 dot1x-access-profile dot1x_access_profile
 mac-access-profile mac_access_profile
 access-domain radius
#

#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 200
 authentication-profile mac_dot1x
#


authentication
  • x
  • convention:

Helpful (9) Favorite(0) Share Report
Previous: Portal authentication for wireless user(external portal server + Radius Server)
Next: Portal authentication for wireless user(HTTP + Radius Server)
Mysterious.color
Created Dec 25, 2018 13:35:32 Helpful(0) Helpful(0)

informative
View more
  • x
  • convention:
Core%20Engineer%2C%20Technical%20Department.%20High%20experience%20in%20Networking
yiyi0519
Created Dec 26, 2018 00:37:55 Helpful(0) Helpful(0)

it is a good case, If we want to control user permissions through ACL, what configuration do I need to add?
View more
  • x
  • convention:
SupperRobin
Created Dec 29, 2018 03:08:58 Helpful(0) Helpful(0)

Fixed user name: Regardless of users' MAC addresses, all users use a fixed name and password designated on the access device for authentication. As multiple users can be authenticated on the same interface, all users requiring MAC address authentication on the interface use the same fixed user name. The server only needs to configure one user account to meet the authentication demands of all users. This applies to a network environment with reliable clients.
View more
  • x
  • convention:
Finn92
Created Dec 29, 2018 03:13:38 Helpful(0) Helpful(0)

If the administrator modifies parameters such as access rights and authorization attributes of an online user on the authentication server, the user must be re-authenticated to ensure user validity.

If re-authentication is configured for online 802.1X authentication users, the device sends saved authentication parameters of an online user to the authentication server for re-authentication. The device saves user authentication information after users go online. If the user authentication information on the authentication server remains unchanged, the user keeps online. If the information has been modified, the user is disconnected and needs to be re-authenticated.
View more
  • x
  • convention:
Torrent
Created Dec 29, 2018 06:07:57 Helpful(0) Helpful(0)

The client initiates the authentication request through the HTTP/HTTPS protocol. When a HTTP/HTTPS message is connected to a device, the access device allows the HTTP/HTTPS message to access the portal server or a set of uncertified network resources, and the access device redirects it to the portal Server for HTTP/HTTPS messages that access other addresses. The Portal Server provides a Web page for the user to enter a user name and password for authentication, and notifies the client to send a post authentication request message to the access device.

thanks for sharing, we learned a lot.
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.

APP

Huawei Enterprise Support Community
Huawei Enterprise Support Community
Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.